By default, the home directory of every new user account you create on a Linux system is open to all other users: the home folder and all of its content are readable by everyone.
This means any user can access and read content in other users' home directories, which may not be a good way to manage home directories in some environments.
This brief tutorial shows students and new users how to ensure that the home directories of all new users created on a Linux system are protected.
Every time you run the adduser command, the defaults for the user are drawn from the /etc/adduser.conf file. All the settings in that file are applied to all new accounts.
If you want to prevent users from viewing each other's home folders, you can edit that config file and make the changes there.
So, to prevent world-readable permissions for all new users created on Linux systems, run the command below to open the default adduser.conf file.
sudo nano /etc/adduser.conf
Then change the line that reads:
# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0755
Change it so that it reads:
# If DIR_MODE is set, directories will be created with the specified
# mode. Otherwise the default mode 0755 will be used.
DIR_MODE=0750
Save the file, and you’re done.
After making those changes, every time you run the command below to create a new account, the new setting will ensure the user's home directory isn't world-readable.
sudo adduser johndoe
Adding user `johndoe' .
Adding new group `johndoe' (1001) .
Adding new user `johndoe' (1001) with group `johndoe' .
Creating home directory `/home/johndoe' .
Copying files from `/etc/skel' .
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for johndoe
Enter the new value, or press ENTER for the default
Full Name []: John Doe
Room Number []: 101
Work Phone []: 123-133-1244
Home Phone []: 123-133-1244
Other []:
Is the information correct? [Y/n] Y
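With mode 0750, other regular users can no longer view content in the new home directory. Besides the owner and members of the user's group, only the admin or an account with sudo permissions can view content in other home directories.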
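DIR_MODE is applied only when adduser creates a home directory, so accounts that existed before the change keep their old permissions. The script below is an added example, not part of the original tutorial: it reports the DIR_MODE that new accounts will get and lists existing home directories that still grant access to "other". The function names are hypothetical, and it assumes home directories live directly under /home and that GNU stat is available.

```shell
#!/bin/sh
# Added example: check the adduser default and audit existing home directories.

# Print the DIR_MODE new accounts will get. The last uncommented assignment
# wins; if none is set, adduser.conf documents 0755 as the default.
effective_dir_mode() {
    mode=$(grep -E '^[[:space:]]*DIR_MODE=' "${1:-/etc/adduser.conf}" 2>/dev/null |
        tail -n 1 | cut -d= -f2 | tr -d "\"' \t")
    printf '%s\n' "${mode:-0755}"
}

# Succeed if the octal mode grants any permission to "other".
# The last octal digit holds the "other" bits, so anything but 0 is exposure.
mode_allows_other() {
    case $1 in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# List "<mode> <path>" for each directory under the base (assumed /home)
# that "other" can still access. Symlinks are skipped.
audit_homes() {
    base=${1:-/home}
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        if [ -L "$dir" ]; then
            continue
        fi
        mode=$(stat -c '%a' "$dir")
        if mode_allows_other "$mode"; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

echo "DIR_MODE for new accounts: $(effective_dir_mode)"
echo "Existing home directories still open to other users:"
audit_homes /home
```

Each directory the audit lists can be brought in line with the new default by running sudo chmod 0750 on it.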
Enjoy!