Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

Like this article? We recommend

Securing Home Directory Access

By default, users have read access to the root level of other user’s home directories. There are two ways to secure home directories from such access. The first is to modify the permissions on the home directory template (which is the basis of all user home directories) so that individual folders within each newly created home directory allow only the owner of the home directory access to those subfolders. This approach works well if you are making other modifications to the template or want users to have read access to only specific parts of each other’s home directories.

The second (more secure) approach is to change the permissions on all home directories after they are created. This approach involves some work as root in the terminal and can be performed on a share point–by–share point basis, meaning that you can secure some home directories and not others. This is particularly useful in a school situation, in which you want to secure faculty and staff directories from students, but not vice versa. Use the following commands as the root user or after using the su command while at or just above the root level of the share point containing the home directories that you want to secure (change directoryname to match the name of the folder where your home directories reside).

chmod -R 700 /directoryname
chmod 755 /directoryname
cd directoryname
chmod 666 .DS_Store
chmod 333 Shared
  • + Share This
  • 🔖 Save To Your Account