Difference between revisions of "How To Secure Your Home Directory"
Line 3: | Line 3: | ||
All ECE accounts have their home directories stored on Unix/Linux file servers. | All ECE accounts have their home directories stored on Unix/Linux file servers. | ||
− | The default | + | The default permissions for home directories at ECE is 711, which means that other users can enter your home directory. Additionally, the default |
− | |||
[http://en.wikipedia.org/wiki/Umask umask] is 022, which means that any | [http://en.wikipedia.org/wiki/Umask umask] is 022, which means that any | ||
− | files/directories that you create will be readable by others. | + | files/directories that you create will be readable by others. Note that in order to be able to read a file created with the default umask, the other user will need to know its name, as they will not be able to read the names of files. |
− | + | Some users may consider this to be a security risk. However, some unix processes, | |
specifically the email system's anti-spam tools and the department's web | specifically the email system's anti-spam tools and the department's web | ||
server, need to be able to access files within your home directory in order to | server, need to be able to access files within your home directory in order to |
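Review bot: the sentence added after "will be readable by others" overstates the protection, because the inability to list names applies only to the top level of the 711 home directory. Any directory you create under the stated umask of 022 is 755, so anyone who knows or guesses that directory's name can list its contents. Suggest wording it as "they will not be able to list the names of files in the top level of your home directory". In the first added line, "The default permissions ... is 711" should also read "are 711".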
Revision as of 10:43, 6 January 2020
All ECE accounts have their home directories stored on Unix/Linux file servers.
The default permissions for home directories at ECE are 711, which means that other users can enter your home directory. Additionally, the default umask is 022, which means that any files/directories that you create will be readable by others. Note that in order to read a file created with the default umask, the other user will need to know its name, as they will not be able to read the names of files.
Some users may consider this to be a security risk. However, some Unix processes, specifically the email system's anti-spam tools and the department's web server, need to be able to access files within your home directory in order to read your resource files. Some users find it challenging to set permissions on their home directories that give both the security they desire and correct access for system processes. The recommended method to secure your home directory is therefore to create a subdirectory, something like ~/work, in which to keep your work. Then, you can set the permissions on this subdirectory to something more restrictive (i.e., 700).
ECE IT Services considers the securing of one's home directory to be the responsibility of the user. In addition to setting the permissions on your ~/work directory (see examples below), you may wish to adjust your umask.
Example 1: setting permissions on your ~/work directory only
chmod 700 ~/work
Example 2: setting permissions on your ~/work directory and everything below
chmod -R 700 ~/work
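The procedure above as a shell sketch, added here as an example and not part of the ECE page: it reproduces the 711/022 defaults in a throwaway temporary directory, lists what group and other users can still reach under a work directory, locks it down, and shows the effect of a stricter umask. The function names (`mode_of`, `list_exposed`, `secure_workdir`, `demo`) and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All names and files are constructed.

# Print the octal mode of a path (GNU stat first, BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List every entry at or below DIR that grants any group/other permission bit.
list_exposed() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Create DIR if needed and strip group/other access from it and everything
# below. Unlike a recursive 700, go-rwx does not mark regular files executable.
secure_workdir() {
    mkdir -p "$1" || return 1
    chmod -R go-rwx "$1" && chmod 700 "$1"
}

# Constructed demo: a fake home with the page's defaults (mode 711, umask 022).
demo() {
    tmp=$(mktemp -d) || return 1
    fake_home="$tmp/home"
    (
        umask 022
        mkdir -p "$fake_home/work/project"
        echo "draft" > "$fake_home/work/project/notes.txt"
        chmod 711 "$fake_home"
    )
    echo "Reachable by others before:"
    list_exposed "$fake_home/work"
    secure_workdir "$fake_home/work"
    echo "Reachable by others after: $(list_exposed "$fake_home/work" | wc -l)"
    # With umask 077, new files start out private without any chmod.
    ( umask 077; echo "new" > "$fake_home/work/new.txt" )
    echo "Mode of a file created under umask 077: $(mode_of "$fake_home/work/new.txt")"
    rm -rf "$tmp"
}

demo
```

To apply it to a real account, call `secure_workdir ~/work` and then run `list_exposed ~/work` to confirm that nothing is printed.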