[Debian v3.0 r2] /root & /home/* are worldreadable?!

Posted on 2004-07-30
Medium Priority
Last Modified: 2010-04-22
I just want to know if the following is a bug in Debian:

I checked the default (out of the box) permissions of my freshly installed Debian 3.0 r2 installation and found that all directories under /home and the /root are world-readable and world-executable.

Is this normal?

Because I was used to RedHat 8 and all default permissions were 0750 over there...
Question by: dplus
LVL 23

Expert Comment

ID: 11677464
It's completely normal, and is the default for home directories and /root to be world readable and executable.

For one thing, home directories generally need to be world executable if users are running web sites from a public_html directory: otherwise, the web server can't get in.

(Execute permission on a directory means the ability to access data in it, and get into the immediate child directories. Read permission on a directory means the ability to get the list of the names of files stored in that

Users often want to share files with each other on a multiuser system. If they're working with information that needs to be kept secret, they should of course set the permissions on individual files to read by owner only.

(That way if they want to share something later, when they "open up their home directory" they won't be opening up more than they think to the world)

For the privacy concerned, the best practice is to set a good UMASK that controls default permissions of new files and directories... it's an option that can be set in the login script, .profile, .tcshrc, .cshrc, etc... i.e.
 umask 077

077 makes new files mode 600 by default and new directories mode 700 by default, for example
(Since 0777 - 077 = 0700 and (0700 & 0666) = 0600)

LVL 51

Accepted Solution

ahoffmann earned 150 total points
ID: 11677560
> For one thing, home directories generally need to be world executable if users are running web sites from a public_html directory: otherwise, the web server can't get in

This example just shows a poorly/insecurely configured web server
(rest of explanation is good :)

'Cause this is a security TA, I'd suggest 0700 for /home/* and /root
if there is something to share, 0750 for /home/* (but that's insecure in most cases)
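
An added example, not part of either answer above: a POSIX shell audit that lists directories granting any permission to "other" (the Debian default the question describes), plus a helper showing what modes a given umask produces for new files and directories. The function names are hypothetical, and the script only reports; it changes nothing outside the scratch directory you pass to the helper.

```shell
#!/bin/sh
# Added example (not from the thread): report-only permission audit.

# Print each argument that is a real directory (not a symlink) and grants
# read, write or execute to "other". find's POSIX "-perm -mode" test is true
# when all bits in mode are set, so the three "other" bits are tested in turn.
world_accessible_dirs() {
    for d in "$@"; do
        if [ -d "$d" ] && [ ! -L "$d" ]; then
            find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print
        fi
    done
}

# Create one file and one directory inside scratch directory $1 under umask $2
# and print their symbolic modes as "<file mode> <dir mode>", then clean up.
# Runs in a subshell so the caller's umask is left untouched.
modes_under_umask() {
    (
        umask "$2" || exit 1
        f="$1/umask-demo-file.$$"
        d="$1/umask-demo-dir.$$"
        : > "$f" || exit 1
        mkdir "$d" || exit 1
        fm=$(ls -ld "$f" | cut -c1-10)
        dm=$(ls -ld "$d" | cut -c1-10)
        rm -f "$f"
        rmdir "$d"
        printf '%s %s\n' "$fm" "$dm"
    )
}

# Audit the locations discussed in the thread. Each path printed here is a
# candidate for the 0700 (or 0750) mode suggested in the accepted answer,
# e.g. chmod 0700 <dir>.
world_accessible_dirs /root /home/*
```

Calling `modes_under_umask /tmp 077` prints `-rw------- drwx------`, matching the 600/700 defaults described in the first answer.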

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month11 days, 15 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question