Jump to content


Photo

User Profile Security

User Profile Security user profile user security

  • Please log in to reply
No replies to this topic

#1 brent

brent

    Administrator

  • Administrators
  • 65 posts

Posted 17 February 2013 - 06:49 AM

When a new user is created, the adduser utility creates a brand new home directory named /home/username, respectively. The default profile is modeled after the contents found in the directory of /etc/skel, which includes all profile basics. 

If your server will be home to multiple users, you should pay close attention to the user home directory permissions to ensure confidentiality. By default, user home directories in Ubuntu are created with world read/execute permissions. This means that all users can browse and access the contents of other users home directories. This may not be suitable for your environment. 
•To verify your current users home directory permissions, use the following syntax:

 

ls -ld /home/username
 

 

 

The following output shows that the directory /home/username has world readable permissions:

 

drwxr-xr-x  2 username username    4096 2007-10-02 20:03 username
 

 

 

 

•You can remove the world readable permissions using the following syntax

 

sudo chmod 0750 /home/username
 

 

A much more efficient approach to the matter would be to modify the adduser global default permissions when creating user home folders. Simply edit the file /etc/adduser.conf and modify the DIR_MODE variable to something appropriate, so that all new home directories will receive the correct permissions.

 

DIR_MODE=0750
 

 

 

•After correcting the directory permissions using any of the previously mentioned techniques, verify the results using the following syntax:

 

ls -ld /home/username
 

 

 

The results below show that world readable permissions have been removed:

 

drwxr-x---   2 username username    4096 2007-10-02 20:03 username
 

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users