Prevent Access to Home Directory in Ubuntu 14.04
Protecting Your Home Directory in Ubuntu
If your Ubuntu system is shared among multiple users, it’s common to assume each person logs into their own account with exclusive access to their personal files. However, the default configuration allows any user to potentially access the home directories of others.
Understanding Default Permissions
When a new user is added via the adduser utility, a corresponding home directory is created, typically located within the /home/ directory. For instance, a user named lori would have a home directory at /home/lori. Crucially, these directories are initially created with permissions that grant world read and execute access, meaning all users on the system can view the contents of other users’ home directories. Further details on Linux file permissions can be found in our related article.
NOTE: When instructed to type commands, do not include the quotation marks unless explicitly stated.
Checking Current Permissions
To examine the existing permissions on your home directory, open a Terminal window by pressing Ctrl+Alt+T. Then, enter the following command, substituting "lori" with your actual username, and press Enter:
ls --ld /home/lori
NOTE: Ensure you use lowercase 'l' and not the number '1' in the command.
The output will display a string of characters at the beginning of the line representing the file permissions. As explained in our article on Linux permissions:
"The r stands for "read," the w stands for "write," and the x stands for "execute." Directories will start with a "d" instead of a "-". You'll also notice that there are 10 spaces which hold value. You can ignore the first, and then there are 3 sets of 3. The first set is for the owner, the second set is for the group, and the last set is for the world."
This means a directory with read, write, and execute permissions for the owner, and read and execute permissions for the group and world, allows broad access.
Restricting Access with chmod
To enhance your privacy, you can modify the permissions of your home directory. Execute the following command in the Terminal, replacing "lori" with your username:
sudo chmod 0750 /home/lori
You will be prompted for your password; enter it and press Enter.
NOTE: The chmod command utilizes octal numbers to define permissions. While our Linux file permissions article details a more granular method, using octal numbers offers a quicker approach. Choose the method you find most comfortable. For a deeper understanding of octal permissions, consult this resource.
Verifying the Changes
Related: The Beginner’s Guide to Managing Users and Groups in Linux
Re-run the command "ls --ld /home/" (using the up arrow twice to recall it) to verify the changes. You should now see dashes (-) in the "world" permission section, indicating that others no longer have read, write, or execute access to your home directory.
If you desire complete privacy, restricting access to only yourself, use "0700" in the chmod command.
NOTE: For more information on user and group management in Linux, refer to our dedicated article.
To exit the Terminal, type "exit" and press Enter.
Attempting to access your home directory by other users will now result in a permission denied message.
Setting Default Permissions for New Users
You can configure Ubuntu to automatically apply specific permissions when creating new user accounts. To do this, you need to modify the adduser configuration file. Enter the following command in the Terminal and press Enter:
gksudo gedit /etc/adduser.conf
We are utilizing gedit for editing; however, you can employ any preferred text editor.
NOTE: gksudo is used to run graphical applications with root privileges, while sudo is for command-line programs.
Enter your password when prompted and press Enter or click OK.
Scroll down to the DIR_MODE line within the adduser.conf file. The default value is "0755". Adjust it to reflect your desired permissions, such as "0750" or "0700" as previously discussed. Save the changes.
Close gedit by selecting Quit from the File menu, or by clicking the 'X' button in the upper-left corner.
Finally, close the Terminal window by clicking the 'X' in the upper-left corner.
Your home directory files will now remain private by default. Remember that users within the same group as you may still require restricted permissions for both the group and world settings.