Limiting Access to your Home Directory
For old accounts, the default was to leave home directories at 755 (user:rwx group:r-x other:r-x), new folders at 755 (user:rwx group:r-x other:r-x), and new files at 644 (user:rw- group:r– other:r–). We have changed the default behavior for new students to:
- 711 on the home directory (the -11 of 711 is because the www-data user needs to be able to get to your public_html folder and this is the easiest way for many reasons)
- 700 as the default for new folders created within the home directory
- 600 as the default for files created within the home directory
- 755 on the public_html directory
- 755 for new folders created within the public_html directory
- 644 as the default for files created within the public_html directory
If you would like to adopt the new behavior, please run the following commands. Note that it may take a while depending on the number of files in your home directory.
cd "${HOME}"
find . -not -type l -not -path "./public_html*" -exec chmod g-rwx,o-rwx {} \;
find . -type d -not -path "./public_html*" -exec setfacl -d -m u::rwx,g::-,o::- {} \;
chmod o+x .
chmod g+x .
Please note that if you are using your home directory to share things with other users, this will break that functionality. It may also break any complicated acls you may have set. Use at your own discretion.