Subject: Re: Home directory permissions
To: Ryan Low <uberfrogus@yahoo.com>
From: Ian Goldby <ian@iangoldby.free-online.co.uk>
List: netbsd-help
Date: 04/01/2001 14:26:30

On Sun, Apr 01, 2001 at 04:44:09AM -0700, Ryan Low wrote:
> Hi, all. Could anybody kindly tell me, is there any
> way to change the default permissions of the home
> directories created when adding users (useradd -m
> joebloggs)? Also--forgive the newbie question--I'd
> like to set the default permissions to 700 (rwx------)
> instead of the default 755 (rwxr-xr-x); is this a
> common thing to do? It seems odd that the default
> would be to allow users to go perusing each other's
> files. Or is it standard practice to have a "private"
> directory inside a publicly-accessible home directory?
> I realize what I'm trying to do takes away the ability
> to have shared directories (eg user web pages), but
> I'm wondering if it's otherwise a bad idea. Thanks for
> the help.
> 
> Ryan
> 
Ryan,

Don't worry about asking Newbie questions! They're what I've been
asking for ages!

I'm not sure if this is quite what you want, but you can issue the
command

umask abc

where a, b, and c are masks for yourself, members of your group, and
the world at large. Setting a mask to 7 turns off all permissions. Setting
it to 2 turns off write access, and so on - just like chmod, but in reverse.

I have umask 2 set in my .profile, so that any new files I create are not
world-writable.

My suggestion would definitely be that user directories ought to be readable
by all. If not, then users can't make *any* of their files readable by
others. I'm not sure why you should be so anxious about stopping users reading
each other's files - have they got something to hide? But if this really
is a concern, you can still set a default umask in everyone's .profile,
.login, .cshrc, or whatever that makes sure that any new files created by a
user are only accessible by their owner. umask 77 would do the trick.

If you do this, then users will be able to list each other's home
directories, but will not be able to read any files or open any directories
contained therein unless the owner has explicitly made them visible with
chmod.

Hope this helps.

Ian
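
The umask behaviour described in the reply above, as an added example that is not part of the original message: it creates files and directories under different umasks and then lists what stays visible to "other" in a 755 home directory whose owner uses umask 077. The function names and the file names `notes.txt`, `private` and `plan.txt` are hypothetical, and everything is created in a throwaway `mktemp` directory.

```sh
#!/bin/sh
# Added example. All paths live in a throwaway mktemp directory (constructed).

# Octal mode of a path: GNU stat first, then BSD stat (as on NetBSD).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# new_modes UMASK: print "<file mode> <dir mode>" for objects created under UMASK.
new_modes() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file"
    mkdir "$tmp/dir"
    echo "$(mode_of "$tmp/file") $(mode_of "$tmp/dir")"
    rm -rf "$tmp"
)

# world_accessible DIR: entries under DIR (DIR itself shown as ".") that grant
# any permission bit to "other".
world_accessible() (
    cd "$1" || exit 1
    find . ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) | sort
)

# demo_home: a 755 home directory whose owner works with umask 077 and then
# deliberately publishes one file with chmod.
demo_home() (
    tmp=$(mktemp -d) || exit 1
    mkdir "$tmp/home" && chmod 755 "$tmp/home"
    umask 077
    : > "$tmp/home/notes.txt"          # created 600
    mkdir "$tmp/home/private"          # created 700
    : > "$tmp/home/plan.txt" && chmod 644 "$tmp/home/plan.txt"
    world_accessible "$tmp/home"
    rm -rf "$tmp"
)

new_modes 022    # 644 755
new_modes 077    # 600 700
demo_home        # "." and "./plan.txt" only
```
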