Ubuntu 21.04 sets the Home directory as private by default

The upcoming Ubuntu 21.04 will set the Home directory as private by default. The head of Ubuntu security technology Alex Murray explained the reason for this change. Traditional directory permissions (such as files) can be divided into 3 types: read, write, and execute. These permissions can be assigned to 3 types of users: owner, group, and others. “This allows a user to restrict access to files within a private directory to only their own user, or to allow access to public data to other users on the system on a directory-by-directory basis.” When a new user is created in the Ubuntu system, the permissions of its Home directory are by default allowing other users to share file access, with read and execute permissions, so multiple family members can share a PC and easily share files with each other. This default setting is an early choice of Ubuntu, but now it is the era of cloud computing and the Internet of Things. This default permission set for the Home directory is a security risk, so they decided to change to the private default setting in the new version.

setfacl -m u:libvirt-qemu:rx $HOME

# make all existing home directories private
sudo chmod 750 /home/*

# ensure any users created by either the adduser(8) or useradd(8)
# commands have their home directories private by default
sudo sed -i s/DIR_MODE=0755/DIR_MODE=0750/ /etc/adduser.conf
echo “HOME_MODE 0750” | sudo tee -a /etc/login.defs