How To Secure Your Home Directory

From ECE Information Technology Services
Revision as of 11:43, 6 January 2020 by Randyg (talk | contribs)

All ECE accounts have their home directories stored on Unix/Linux file servers.

The default permissions for home directories at ECE are 711, which means that other users can enter your home directory. Additionally, the default umask is 022, which means that any files/directories that you create will be readable by others. Note that in order to read a file created with the default umask, the other user will need to know its name, as they will not be able to list the names of the files in your home directory.

Some users may consider this to be a security risk. However, some Unix processes, specifically the email system's anti-spam tools and the department's web server, need to be able to access files within your home directory in order to read your resource files. Since some users find it challenging to set permissions on their home directories that give both the security they desire and the correct access for system processes, the recommended method to secure your home directory is to create a subdirectory -- something like ~/work -- in which to keep your work. Then, you can set the permissions on this subdirectory to something more restrictive (e.g., 700).

ECE IT Services considers the securing of one's home directory to be the responsibility of the user. In addition to setting the permissions on your ~/work directory (see examples below), you may wish to adjust your umask.

Example 1: setting permissions on your ~/work directory only

  chmod 700 ~/work

Example 2: setting permissions on your ~/work directory and everything below

  chmod -R 700 ~/work
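
The following is an added example, not part of the original page or ECE's own tooling: shell functions that create the private directory, show what a given umask does to new files, and check a tree for anything group or other can still access. The function names are hypothetical, and `lock_tree` goes slightly beyond Example 2 by removing group/other bits instead of applying 700 to everything, so plain files do not gain the execute bit.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not ECE-provided commands.

# Print the octal permission bits of a path (GNU stat, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the private work directory (default ~/work) and set it to 700.
secure_workdir() {
    dir=${1:-"$HOME/work"}
    mkdir -p "$dir" && chmod 700 "$dir"
}

# Remove all group/other access below a directory. Unlike "chmod -R 700",
# this leaves the owner's bits alone, so data files stay non-executable.
lock_tree() {
    chmod -R go-rwx "$1"
}

# List every file or directory in a tree that group or other can still
# read, write or enter. Symlinks are skipped: their own mode is always 777.
audit_tree() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Show the mode a newly created file gets under a given umask.
# The body runs in a subshell, so the caller's umask is not changed.
new_file_mode() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    : > "$d/probe"
    mode_of "$d/probe"
    rm -rf "$d"
)
```

After sourcing the file, `secure_workdir` followed by `audit_tree ~/work` lists whatever was created there under the default 022 umask; `lock_tree ~/work` clears it, and adding `umask 077` to your shell startup file keeps new files private.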