6

I'm thinking of doing 'chmod 700 -R ~'. Can it be dangerous? What can happen what I don't expect? Also, is there any way to keep all files on $HOME to be -rwx------?

Anon
  • 61
  • 1
  • 3
  • 3
    Why not just `chmod go-rx ~`? No need to recurse. (FWIW, some systems might not like it, e.g. when users publish web sites using `~/Sites` or `~/www` or something like that -- then the http server needs access to `~` -- but you'd know it if you did that). – Daniel Beck Oct 30 '13 at 22:05
  • Of course, if somebody made a copy of one of Anon’s world-readable files yesterday, there’s no way of recovering it. But what if somebody made a hard link to one of his files? `chmod`ing the home directory won’t affect that; he needs recursion to make the linked file private. – Scott - Слава Україні Oct 30 '13 at 22:33
  • 1
    You don't have to do a recursive `chmod`. `chmod 700 ~` will keep all prying eyes out of your home directory. – mtak Jun 20 '14 at 14:51
  • @mtak: Ummm, Did you _read_ the existing comments? – Scott - Слава Україні Jun 20 '14 at 15:31
  • How about doing `chmod 700 /home/*` instead of doing recursive. Since if access into parent directory's permission is denied, other users' will not able to access their sub-directories. If recursion is required after a new folder created under home `~` we have to change its permission. It might be difficult to keep track of all the new folders and update their permission. @Scott – alper Jun 03 '18 at 18:50

2 Answers2

7

The main problem I can think of is that that command will set the execute bit on all files, even those that aren’t executable.  So, if you have a file called foo, and someday you want to do cat foo or print foo and you accidentally type just foo, the shell will try to execute foo; i.e., interpret it as a shell script.  This will probably just explode in your face harmlessly, but if foo contains anything that looks like a shell command, you could get harmful results.

A lesser issue is that if you have a file that you want to preserve, and last year you did a chmod 444 to protect it from yourself, the chmod 700 will restore your write bit, and make it easier for you to clobber the file accidentally.

The solution to both issues is to do chmod go= -R ~ or chmod go-rwx -R ~, which will turn off all bits for group and others, but leave your access alone.

Scott - Слава Україні
  • 21,399
  • 46
  • 64
  • 121
  • 1
    Could I run `chmod 700 /home/*` instead of doing recursive. Since access into parent directory's permission is denied, other users' will not able to access their sub-directories. @Scott – alper Jun 03 '18 at 18:47
0

Kind of old now but you can chmod 700 for folders and chmod 600 files and it would solve the issue of adding the execute bit on all regular files (you need execute on folders to ls).

find ~ -type d -print0 | xargs -0 chmod 700
find ~ -type f -print0 | xargs -0 chmod 600
mtak
  • 16,513
  • 2
  • 52
  • 64
Brendan Stennett
  • 1
  • 3
    This GNU coreutils command has the same effect: `chmod -R ~ go-rwx,u+rwX`. It first removes group and world permissions, then adds read and write to the user and execute to directories. Warning: some files are expected to have an execute bit (like those in `~/bin/` or `node_modules/bin/`). – Lekensteyn Jun 20 '14 at 13:42