Correct permission for home directory
Dear All, I was playing with the permissions of /home /home/psmith because of the issue reported in previous posts. Could someone please tell me the commands to restore the correct permissions to those both directories? In previous posts, some people recommended chmod 755 /home But what about /home/psmith ? Thanks in advance, Paul -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Correct permission for home directory
Paul Smith writes: > chmod 755 /home > > But what about > > /home/psmith It depends on what you want. There is some tradition that home directories are readable for everyone and writable for their owners only. It may be a good idea to make them readable for their owners only --- or a bad idea like when you're exporting directories in homes through apache (which I think is a very bad idea). In case you have users in groups that need to access someones home directory, you may want to allow group access. When you have convoluted requirements, you may want to use ACLs to accomplish what you need ... -- Fedora 19 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Correct permission for home directory
On Sat, Jul 13, 2013 at 3:47 PM, lee wrote: >> chmod 755 /home >> >> But what about >> >> /home/psmith > > It depends on what you want. There is some tradition that home > directories are readable for everyone and writable for their owners > only. It may be a good idea to make them readable for their owners only > --- or a bad idea like when you're exporting directories in homes > through apache (which I think is a very bad idea). > > In case you have users in groups that need to access someones home > directory, you may want to allow group access. When you have convoluted > requirements, you may want to use ACLs to accomplish what you need ... Thanks, Lee. I have done the following: chmod 755 /home chown psmith /home/psmith chmod -R u=rwx,g=,o= /home/psmith I hope those have left my system secure! Paul -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Correct permission for home directory
Paul Smith writes: > On Sat, Jul 13, 2013 at 3:47 PM, lee wrote: >>> chmod 755 /home >>> >>> But what about >>> >>> /home/psmith >> >> It depends on what you want. There is some tradition that home >> directories are readable for everyone and writable for their owners >> only. It may be a good idea to make them readable for their owners only >> --- or a bad idea like when you're exporting directories in homes >> through apache (which I think is a very bad idea). >> >> In case you have users in groups that need to access someones home >> directory, you may want to allow group access. When you have convoluted >> requirements, you may want to use ACLs to accomplish what you need ... > > Thanks, Lee. I have done the following: yvw :) > chmod 755 /home > chown psmith /home/psmith > chmod -R u=rwx,g=,o= /home/psmith > > I hope those have left my system secure! I'd be wondering what 'g=,o=' actually does. You may want chmod u+rwx,go-rwx /home/psmith and you probably do *not* want to set all files in /home/psmith to be executable for their owner like you set them with '-R u=x'. Be careful with chmod. About twenty years ago when I had my first Linux installation, I messed it up with chmod when I wanted to edit some files and it won't let me. I decided to re-install because all the permissions were messed up and some things didn't work anymore. That has been the only time I actually had to re-install a Linux distribution, except for when switching from i386 to amd64. Talk about reliability ... BTW, iirc there's also some settings for shells like bash that specify the default mode to use when creating files which you may want to look at. -- Fedora release 19 (Schrödinger’s Cat) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Correct permission for home directory
> > I'd be wondering what 'g=,o=' actually does. You may want > > chmod u+rwx,go-rwx /home/psmith > > and you probably do *not* want to set all files in /home/psmith to be > executable for their owner like you set them with '-R u=x'. Indeed the better option is chmod -R u=rwX,go-rwx /home/psmith ... Note the capital X to only set the execute bit on directories. Incidentally if you are the only user of this system all this talk of the right permissions for your home directory to secure it is pretty moot ;-) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Correct permission for home directory
On 14 Jul 2013, at 02:24, lee wrote: > Paul Smith writes: > >> On Sat, Jul 13, 2013 at 3:47 PM, lee wrote: chmod 755 /home But what about /home/psmith >>> >>> It depends on what you want. There is some tradition that home >>> directories are readable for everyone and writable for their owners >>> only. It may be a good idea to make them readable for their owners only >>> --- or a bad idea like when you're exporting directories in homes >>> through apache (which I think is a very bad idea). >>> >>> In case you have users in groups that need to access someones home >>> directory, you may want to allow group access. When you have convoluted >>> requirements, you may want to use ACLs to accomplish what you need ... >> >> Thanks, Lee. I have done the following: > > yvw :) > >> chmod 755 /home >> chown psmith /home/psmith >> chmod -R u=rwx,g=,o= /home/psmith >> >> I hope those have left my system secure! > > I'd be wondering what 'g=,o=' actually does. You may want > > You'd be wanting to take a peek in the man page for chmod then. They're designed for exactly what he's done. Junk. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org