Home / server / Questions / 92420
Accepted
Mirage
Asked: 2009-12-09 15:39:52 +0800 CST

What should be the ideal home directory permissions in linux

  • 772

I have accidentally changed /home's permissions to 777.

What permissions should this directory have ?

linux

7 Answers

  1. Best Answer

    I think the best permission would be

     711 if you dont want to add groups as well or

 751  so that public can't read your home directory

    with 755 public can read which other users are on you home directory

    • 16

  2. Between 751 and 750, it should be noted that 751 can be used to allow access to a subdirectory of your home directory.

    One place you might use this is when enabling the Userdir mod for the Apache web server -- it allows you to give each user their own web-browseable directory, under a common name such as public_html. For example, a URL like http://<hostname>/~<username> can be automatically served up from /home/<username>/public_html/. But to do that, Apache needs to have sufficient permissions within your home directory to at least read files in a folder under it.

    Setting a directory to 751 allows it to be navigated to (by anyone) without being read. This, in turn, is required to allow the username that Apache runs under to get 'through' your home directory to the public_html within it.

    This is useful, in my experience, primarily for web development on a local machine, though I've seen it in action not uncommonly with educational institutions.

    • 7

  3. The default would usually be 0755.

    I guess 0751 would also work, if you for some reason don't want the content to be publicly browsable.

    (of course, owned by root:root)

    • 2

  4. Rather than set executable on every file (which includes lots of non-executable files) in your home folder (something that you have to manually undo), and wiping some of the existing permissions you already had, it is preferred to take an additive/subtractive approach instead with permissions.

    I never recommend one octal for every file. Files have permissions for a reason. Sometimes you want to disable an executable. Maybe something that could damage your system is marked as executable. chmod ug+x <file> will add execute permissions to specific files in your home folder instead.

    Follow these instructions for more secure and traditional file permissions (similar to the idea behind chmod 751 rwx r-x --x but without global executable permissions or removing existing permissions for the user).

    1. Set the owner as the user, and set the group to the user group (substitute your user name):

      sudo chown -R <username>:<username> ~

    2. Make sure we have read and write access to all files from "user":

      chmod -R u+rw ~

    3. Remove write access from "group":

      chmod -R g-w ~

    4. Remove all access from "others":

      chmod -R o-rwx ~

    5. Make sure all directories are executable (they must be to enter into them):

      find ~ -type d -name \* -exec chmod +x {} \;

    6. Remove all access to your .ssh private keys except for the user (if you have a ~/.ssh folder):

      chmod -R go-rwx ~/.ssh

    Hope that helps.

    • 1

  5. I would say 0755 is your best bet.

    • 0

  6. the /home directory should be 755 IMO. I use 755 or 750 on each user's /home/username directory for more privacy.

    • 0

  7. 755 for /home

    770 for individual user home folders or folder where you want to give write privileges to your group. In most cases, I set the last digits to 0 because if they are not in my group, I usualy dont want them to have any access at all.

    I use 770. this way, people not in my group have no access whatsoever to the subfolders. With 775, people can still see your directory structure and names.

    • 0