What permissions do you have on your user home directory?

I noticed one system has 700 while another had 710 on the /home/[USER] directory. However the files and directories inside the user home have varying permissions, generally much more permissive, such as 775.

If I recall correctly, 700 for a directory prevents searching inside it by other users but allows access to files/directories inside if the exact path is known and its permissions allow it. Is that correct?

What permissions are recommended? Would recursively setting everything inside the user home to 700 be likely to break anything?

These are single user systems so it’s not a big worry, but I’m trying to trim unnecessary privileges and consider best practices.

700 only allows the directory owner RWX, whereas if it was 775 anyone can RWX in the group and RW world.

If you have a multi-user environment then 700 is desired. This is what we had at my university so we couldn’t cheat off each other.

And what about permissions of files/directories inside the user home?

My Fedora install, which I have not touched, has 700 on my home dir. It’s been installed for perhaps coming on 4 years now through several upgrades.

No issues, and I have other users who do use the machine; sometimes I switch users to a locked-down, not-me user.

Works fine.

Yes, 700 is the usual permissions on home directories. That means people cannot see inside, nor can they traverse. So if you had for instance:

drwx------ /home/mydir
drwxrwxr-x /home/mydir/docs/

Someone doing:
ls -l /home/mydir/docs/

Would come up with nothing, because they cannot traverse through the permissions on mydir.

Thanks. I was confusing 700 with the effects of 701.

For Directories

  • read : means you have access to list the files in a directory. You may not have access to do anything with them, but you can at least see their names, sizes, permissions, etc.
  • write : means you have access to change the list of files in a directory. That is, you can create files, delete them, rename them, etc. You may not be able to open (read or write) any existing files, but you can modify the list.
  • execute : means you can access the files or directories inside the directory as long as you know the name and have the appropriate permissions on the child file or dir. You can use the directory, but you don’t have permission to modify or see the list of files.
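
Added example, not from any poster in this thread: a Python sketch of the directory rules above, showing what an "other" user can read under a home directory set to 700, 701, 710 or 755. It judges by mode bits only (no ACLs, no root, no group membership); the function names and the temporary mydir/docs/notes.txt tree are constructed for illustration.

```python
import os
import stat
import tempfile


def other_can_read(target, home):
    """Return (allowed, blocking_path) for a user in the 'other' class.

    Mode bits only: ignores ACLs, root, and owner/group membership.
    Assumes everything above `home` (e.g. /home) is traversable.
    """
    target, home = os.path.abspath(target), os.path.abspath(home)
    # Directories that must grant o+x: home down to target's parent.
    chain = []
    d = os.path.dirname(target)
    while os.path.commonpath([d, home]) == home:
        chain.append(d)
        if d == home:
            break
        d = os.path.dirname(d)
    for d in reversed(chain):
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False, d  # lookup stops here; child modes never matter
    # On the target itself, o+r means "read the file" or "list the names".
    if os.stat(target).st_mode & stat.S_IROTH:
        return True, None
    return False, target


def demo(home_mode):
    """Build a constructed mydir/docs/notes.txt tree and evaluate it."""
    with tempfile.TemporaryDirectory() as tmp:
        home = os.path.join(tmp, "mydir")
        docs = os.path.join(home, "docs")
        note = os.path.join(docs, "notes.txt")
        os.makedirs(docs)
        open(note, "w").close()
        os.chmod(note, 0o664)
        os.chmod(docs, 0o775)
        os.chmod(home, home_mode)
        paths = (("home", home), ("docs", docs), ("note", note))
        return {name: other_can_read(p, home)[0] for name, p in paths}


if __name__ == "__main__":
    for mode in (0o700, 0o701, 0o710, 0o755):
        print(oct(mode), demo(mode))
```
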

What is the significance of group and other permissions when the parent directory has 700?