permissions 755 on /home/<user>/
If your home directory is private, then no one else can access any of your files. In order to access a file, a process needs to have execute permission to all the directories on the path down the tree from the root directory. For example, to allow other users to read /home/martin/public/readme, the directories /, /home, /home/martin and /home/martin/public all need to have the permissions d??x??x??x (it can be drwxr-xr-x, or drwx--x--x or some other combination), and additionally the file readme must be publicly readable (-r??r??r??).
It is common to have home directories with mode drwxr-xr-x (755) or at least drwx--x--x (711). Mode 711 (only execute permission) on a directory allows others to access a file in that directory if they know its name, but not to list the content of the directory. Under that home directory, create public and private subdirectories as desired.
If you never, ever want other people to read any of your files, you can make your home directory drwx------ (700). If you do that, you don't need to protect your files individually. This won't break anything other than the ability of other people to read your file.
One common thing that may break, because it's an instance of other people reading your files, is if you have a directory such as ~/public_html or ~/www which contains your web page. Depending on the web server's configuration, this directory may need to be world-readable.
You can change the default permissions for the files you create by setting the umask value in your .profile. The umask is the complement of the maximal permissions of a file. Common values include 022 (writable only by the owner, readable and executable by everyone), 077 (access only by the owner), and 002 (like 022, but also group-writable). These are maximal permissions: applications can set more restrictive permissions, for example most files end up non-executable because the application that created them didn't set the execute permission bits when creating the file.
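The path rule described in the answer above can be checked mechanically. The following is an added example, not part of the original answers: it walks every directory from a starting point down to a file and reports where users other than the owner and group are blocked. The function names and the temporary sample tree are constructed for illustration, and only the classic mode bits are examined (ACLs and group membership are ignored).

```python
import os
import stat
import tempfile


def other_access(path, start="/"):
    """Return (reachable, report) for the 'other' permission class.

    Each directory from `start` down to the target needs the other-execute
    bit; the target itself needs the other-read bit.
    """
    path, start = os.path.realpath(path), os.path.realpath(start)
    chain = [start]
    for name in os.path.relpath(path, start).split(os.sep):
        chain.append(os.path.join(chain[-1], name))
    report, reachable = [], True
    for p in chain:
        mode = os.stat(p).st_mode
        need = stat.S_IROTH if p == path else stat.S_IXOTH
        ok = bool(mode & need)
        reachable = reachable and ok
        report.append((p, stat.filemode(mode), ok))
    return reachable, report


def build_demo(home_mode):
    """Constructed sample tree: <tmp>/home/martin/public/readme."""
    base = tempfile.mkdtemp()
    public = os.path.join(base, "home", "martin", "public")
    os.makedirs(public)
    readme = os.path.join(public, "readme")
    with open(readme, "w") as f:
        f.write("hello\n")
    # Explicit chmod calls so the result does not depend on the caller's umask.
    os.chmod(base, 0o755)
    os.chmod(os.path.join(base, "home"), 0o755)
    os.chmod(os.path.join(base, "home", "martin"), home_mode)
    os.chmod(public, 0o755)
    os.chmod(readme, 0o644)
    return base, readme


if __name__ == "__main__":
    for home_mode in (0o711, 0o700):
        base, readme = build_demo(home_mode)
        reachable, report = other_access(readme, start=base)
        print(f"home mode {home_mode:o}: readme reachable by others = {reachable}")
        for p, mode_str, ok in report:
            print(f"  {'ok     ' if ok else 'BLOCKED'} {mode_str} {p}")
```

With the home directory at 711 the file stays reachable by name; at 700 the home directory is the single blocking component, even though the file itself is still mode 644.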
If you check in RHEL/CentOS 5.x, the default permission is 700, but in Ubuntu it is 755.
According to an Ubuntuforums.org staff member, it is to make it easier to share files between new users. You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.
Also, is it possible to set the permissions on my home, so that all new files created will have 600 and directories 700?
You can set umask 0077 for that.
It will work like this:
The default permission for a directory is 0777, so when you set umask 0077, a new directory will be created with permission (0777-0077), i.e. 0700, as you want.
Yes, there is a very legitimate reason. Note that other users can read but not write to your files. This is very useful in professional networks because you can easily share your files with your colleagues.
For example, in the lab I used to work in, we all had access to each other's $HOME directories so we could easily share our data or our scripts with each other. If my friend Alice had a nice script for doing X, I would just run it:
~alice/bin/scriptX.pl mydata
As others mentioned, to change this you will need to set umask. For example, to make new files and folders readable only by you, add this to your ~/.bashrc:
umask 0077