This question Unix & Linux: permissions 755 on /home/ covers part of my question but:
Default permissions on a home directory are 755 in many instances. However that lets other users wander into your home folder and look at stuff.
Changing the permissions to 711 (rwx--x--x) means they can traverse folders but not see anything. This is required if you have authorized_keys for SSH – without it the SSH gives errors when trying to access the system using a public key.
Is there some way to set up the folders / directories so SSH can access authorized_keys, postfix / mail can access files it requires, the system can access config files but without all and sundry walking the system?
I can manually make the folder 711, set ~/.ssh/authorized_keys to 644 but remembering to do that every time for every config is prone to (my) mistakes.
I would have thought by default all files were private unless specifically shared but with two Ubuntu boxes (admittedly server boxes) everyone can read all newly created files. That seems a little off as a default setting.
Best Answer
As noted in the manual, by default home folders made with useradd copy the /etc/skel folder, so if you change its subfolder rights all users created afterwards with default useradd will have the desired rights. Same for adduser. Editing "UMASK" in /etc/login.defs will change the rights when creating home folders. If you want more user security you can encrypt home folders and put ssh keys in /etc/ssh/%u instead of /home/%u/.ssh/authorized_keys.
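
An added example (not part of the original answer): a small shell audit for the settings discussed above. It computes the home-directory mode implied by the UMASK line of a login.defs-style file, as the answer describes, and lists home directories that other users can read. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for home-directory permissions.

# Print the mode implied for a new home directory by the UMASK line of a
# login.defs-style file: 0777 with the umask bits cleared (last UMASK wins).
home_mode_from_umask() {
    u=$(awk '$1 == "UMASK" { v = $2 } END { print v }' "$1")
    case "$u" in
        ''|*[!0-7]*) echo "no usable UMASK in $1" >&2; return 1 ;;
    esac
    printf '%o\n' $(( 0777 & ~0$u ))
}

# List the directories directly under $1 that "other" can read, i.e. whose
# contents any local user can list (755 is reported, 711 and 700 are not).
world_listable_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm -004 | sort
}

# Demo on constructed data, so nothing on the real system is read or changed.
demo=$(mktemp -d)
printf '# constructed sample\nUMASK\t\t077\n' > "$demo/login.defs"
mkdir "$demo/alice" "$demo/bob"
chmod 755 "$demo/alice"   # listable by everyone
chmod 711 "$demo/bob"     # traversable only
echo "new homes would be created with mode $(home_mode_from_umask "$demo/login.defs")"
echo "homes other users can list:"
world_listable_homes "$demo"
rm -rf "$demo"
```

On a real host the same functions can be pointed at /etc/login.defs and /home; both only read, so any chmod of existing homes remains a separate, deliberate step.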