limiting-access-to-your-home-directory

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
limiting-access-to-your-home-directory [2017/11/17 11:58] brycemllimiting-access-to-your-home-directory [2017/11/17 12:22] (current) bryceml
Line 1: Line 1:
 ====== Limiting Access to your Home Directory ====== ====== Limiting Access to your Home Directory ======
  
-For old accounts, the default was to leave home directories and newly created files at 755  (user:rwx group:r-x other:r-x).  We have changed the default behavior for new students to:+For old accounts, the default was to leave home directories at 755 (user:rwx group:r-x other:r-x), new folders at 755 (user:rwx group:r-x other:r-x), and new files at 644 (user:rw- group:r-- other:r--).  We have changed the default behavior for new students to:
  
   * 711 on the home directory (the -11 of 711 is because the www-data user needs to be able to get to your public_html folder and this is the easiest way for many reasons)   * 711 on the home directory (the -11 of 711 is because the www-data user needs to be able to get to your public_html folder and this is the easiest way for many reasons)
-  * 700 as the default for files created within the home directory+  * 700 as the default for new folders created within the home directory 
 +  * 600 as the default for files created within the home directory
   * 755 on the public_html directory   * 755 on the public_html directory
-  * 755 as the default for files created within the public_html directory +  * 755 for new folders created within the public_html directory 
 +  * 644 as the default for files created within the public_html directory
  
 If you would like to adopt the new behavior, please run the following commands.  Note that it may take a while depending on the number of files in your home directory. If you would like to adopt the new behavior, please run the following commands.  Note that it may take a while depending on the number of files in your home directory.
Line 14: Line 15:
 cd "${HOME}" cd "${HOME}"
  
-find . -not -type l -not -path "./public_html*" -exec chmod o-rwx {} \; +find . -not -type l -not -path "./public_html*" -exec chmod g-rwx,o-rwx {} \;
-find . -not -type l -not -path "./public_html*" -exec chmod g-rwx {} \;+
 find . -type d -not -path "./public_html*" -exec setfacl -d -m u::rwx,g::-,o::- {} \; find . -type d -not -path "./public_html*" -exec setfacl -d -m u::rwx,g::-,o::- {} \;
 chmod o+x . chmod o+x .
 chmod g+x . chmod g+x .
 + 
 </code> </code>
  
-Please note that if you are using your home directory to share things with other users, that will break that functionality.  It may also break any complicated acls you may have set.  Use at your own discretion.+Please note that if you are using your home directory to share things with other users, this will break that functionality.  It may also break any complicated acls you may have set.  Use at your own discretion.
  • limiting-access-to-your-home-directory.1510945107.txt.gz
  • Last modified: 2017/11/17 11:58
  • by bryceml