How To Secure Your Home Directory

From ECE Information Technology Services
Jump to navigationJump to search

All ECE accounts have their home directories stored on Unix/Linux file servers.

The default file system permissions for home directories is 755, which means that other users can read the contents of your home directory. Additionally, the default umask is 022, which means that any files/directories that you create will be readable by others.

Many users consider this to be a security risk. However, some unix processes, specifically the email system's anti-spam tools and the department's web server, need to be able to access files within your home directory in order to read your resource files. Since some users find it challenging to set the correct permissions on their home directories to get the right combination of security they desire and correct access for system processes, the recommended method to secure your home directory is to create a subdirectory -- something like ~/work -- in which to keep your work. Then, you can set the permissions on this subdirectory to something more restrictive (i.e., 700).

ECE IT Services considers the securing of one's home directory to be the responsibility of the user. In addition to setting the permissions on your ~/work directory (see examples below), you may wish to adjust your umask.

Example 1: setting permission on your ~/work directory only

  chmod 700 ~/work

Example 2: setting permission on your ~/work directory and everything below

  chmod 700 -R ~/work