Linux – Default permissions on Linux home directories


This question, "Unix & Linux: permissions 755 on /home/", covers part of my question, but:

Default permissions on a home directory are 755 in many instances. However that lets other users wander into your home folder and look at stuff.

Changing the permissions to 711 (rwx--x--x) means they can traverse folders but not see anything. This is required if you have authorized_keys for SSH - without it the SSH gives errors when trying to access the system using a public key.

Is there some way to set up the folders / directories so SSH can access authorized_keys, postfix / mail can access files it requires, the system can access config files but without all and sundry walking the system?

I can manually make the folder 711, set ~/.ssh/authorized_keys to 644 but remembering to do that every time for every config is prone to (my) mistakes.

I would have thought by default all files were private unless specifically shared but with two Ubuntu boxes (admittedly server boxes) everyone can read all newly created files. That seems a little off as a default setting.

Best Answer

As noted in the manual, by default home folders made with useradd copy the /etc/skel folder, so if you change its subfolder rights, all users created afterwards with default useradd will have the desired rights. Same for adduser. Editing "UMASK" in /etc/login.defs will change the rights when creating home folders.

If you want more user security you can encrypt home folders and put ssh keys in /etc/ssh/%u instead of /home/%u/.ssh/authorized_keys.
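To avoid relying on memory for the per-user chmod steps described in the question, the check can be scripted. The following is an added example, not part of the original question or answer: the function names are hypothetical, the 700 mode on `.ssh` is an assumption of this example, and the group/other-write check mirrors what sshd's `StrictModes` option rejects.

```shell
#!/bin/sh
# Added example: audit home directories for the issues discussed above.
# Function names are hypothetical; nothing here comes from the original page.

# True when path $1 has every permission bit in octal mask $2 set.
has_bits() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# Print one finding per line for a single home directory.
audit_home() {
    home=$1
    # Others can list the directory (the 755 case from the question).
    if has_bits "$home" 004; then
        echo "LISTABLE $home"
    fi
    # Group/other write on any of these makes sshd (StrictModes) refuse the key.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 020 || has_bits "$p" 002; then
            echo "WRITABLE $p"
        fi
    done
    return 0
}

# Audit every directory directly under the base (default: /home).
audit_all() {
    base=${1:-/home}
    for h in "$base"/*/; do
        if [ -d "$h" ]; then
            audit_home "${h%/}"
        fi
    done
    return 0
}

# Apply the layout from the question: home 711, authorized_keys 644.
# .ssh at 700 is this example's assumption, not stated on the page.
harden_home() {
    chmod 711 "$1"
    if [ -d "$1/.ssh" ]; then chmod 700 "$1/.ssh"; fi
    if [ -f "$1/.ssh/authorized_keys" ]; then
        chmod 644 "$1/.ssh/authorized_keys"
    fi
    return 0
}

# Usage (as root): audit_all /home   then   harden_home /home/<user>
```

Run `audit_all` on a copy or a test directory first; `harden_home` changes modes in place.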
