Home folder in Ubuntu becomes unreadable for new accounts by default

Starting with version 21.04, the home directories of new accounts in Ubuntu are no longer world-readable. This means that when a new account is created, the files in its home directory will no longer be readable and executable by other accounts.

Alex Murray, security tech lead at Ubuntu, explains on the Ubuntu site that making the home directories of new accounts world-readable by default is outdated. This feature used to be useful, Murray says, when computers were shared by multiple people who wanted to share files with each other easily. Today, according to Murray, a significant portion of Ubuntu computers are used in the cloud and server sector. These computers often have an admin account and multiple non-admin user accounts. In this situation, the feature is more of a footgun that can cause security issues. For example, on such a computer a cyber criminal has easier access to sensitive data that may be present in the other home directories.

Murray therefore modified the /etc/adduser.conf file, replacing DIR_MODE=0755 with DIR_MODE=0750. As a result, the files in the home directory of new accounts added via adduser can no longer be read and executed by other users by default. Likewise, when an account is created on a new system, its home directory is inaccessible to users that have yet to be created.

The modified setting is coming to Ubuntu via the 21.04 Hirsute Hippo update, with the final release scheduled for April 22. Existing accounts will not be changed by the update, so files in the home directories of these accounts can still be accessed by other accounts, unless the permissions were changed earlier.
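Because the update leaves existing accounts at their old mode, an administrator has to find and tighten those home directories separately. The following is an added example, not code from Ubuntu or from this article; the function names are hypothetical, and it assumes home directories sit directly under one base directory and that DIR_MODE is written unquoted, as in the DIR_MODE=0750 line above.

```shell
# Audit home directories that predate the DIR_MODE=0750 default.
# Function names are hypothetical; paths default to the usual Ubuntu locations.

# Print the DIR_MODE value set in an adduser.conf-style file.
# Commented-out lines are ignored; the last assignment wins.
adduser_dir_mode() {
    conf=${1:-/etc/adduser.conf}
    sed -n 's/^[[:space:]]*DIR_MODE=\([0-7]*\).*/\1/p' "$conf" | tail -n 1
}

# List directories directly under a base (default /home) that grant any
# permission bit to "other", i.e. that are more open than 0750.
open_homes() {
    base=${1:-/home}
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        [ -L "$d" ] && continue    # skip symlinks, report real directories only
        # -prune keeps find on the directory itself; print it if any of the
        # other-read (004), other-write (002) or other-execute (001) bits is set.
        find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Remove every "other" bit from one home directory (0755 becomes 0750).
# Not recursive: without the execute bit on the directory, other users
# can no longer traverse into it to reach the files inside.
tighten_home() {
    chmod o-rwx "$1"
}
```

Review the output of `open_homes` before calling `tighten_home`: a service that runs under a different account and reads files from a user's home directory loses access once the directory is 0750.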
