Why can other users see the files in my home folder?

A Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.

If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.

For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:

umask 027

You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.

Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:

chmod -R o-rwx ~

Now if you decide to share the ~/Public folder to everyone, run the next commands:

  • chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)
  • find ~/Public -type f -exec chmod o+r {} \; - allow everyone to read the files in ~/Public
  • find ~/Public -type d -exec chmod o+rx {} \; - allow everyone to descend into directories and list their contents

If you are use GNU coreutils (e.g. on Ubuntu, not on a embedded system having only busybox), then the previous two commands using find and chmod can be replaced by this single command that recursively makes folders and files readable (and additionally adds the execute (descend) bit for directories only):

chmod -R o+rX ~/Public

According to an Ubuntuforms.org staff member, it is to make it easier to share files between new users.

You can change the permission to either 700 or 750 if you don't want the files readable and executable by others.

Command is:

chmod 750 $HOME

Note: Ubuntu default is 755


According to Mark Shuttleworth,

"The majority of users of Ubuntu systems either have exclusive use of the machine (personal laptop) or are sharing with friends and relatives. We assume that the people who share the machine are either trusted, or in a position to hack the machine (boot from USB!) trivially. As a result, there is little to no benefit"

... from removing those permissions.