The development of Ubuntu 21.04 is in progress for its stable release on April 22, 2021. One of the proposed changes in Ubuntu 21.04 is to make the users’ home directories private.

Private home directories? What does it mean?

I hope you are aware of file permissions. If not, I have written a detailed and easy to understand guide to Linux file permission and I suggest you read that.

Most people probably never noticed it but the home directory in Ubuntu has the permission 755 i.e. rwxr-xr-x.

What it means is that if there are multiple users on the same Ubuntu system, they can enter home directory of other users and read the files stored in it. They cannot modify these files or execute them, however.

I think this is the common practice in many Linux distributions as this allows to easily share files between users on the same Linux system, specially in a server environment.

If this was the usual practice so far, why change it now?

Making home directory private adds a security layer

As Alex Murray of Canonical points in the announcement, in the cloud and server environment, usually, there is one admin account and several worker accounts.

In a rare case, if the worker account is compromised, the attacker can easily access sensitive data from the home directories of other users and the admin accounts.

This is the reason why the home directories in Ubuntu 21.04 will have permission 750 instead of 755.

This means that other users on the same system cannot enter the home directories of other users or access and read their files. In cases, where a set of users were created as part of the same default group, they can still access home directories. By default, in Ubuntu, each user has its own default group with the same name as the username.

Won’t impact users upgrading to Ubuntu 21.04 from previous versions

This change will not bother you if you are upgrading to Ubuntu 21.04 from 20.10. It is only applicable to fresh Ubuntu install. The change will be tested before the next LTS release in 2022.

There is also the issue of useradd and adduser command at this stage. The new rule will be respected by the adduser command but that might not be the case with the useradd command.

You can follow the discussion thread for more details on this change.

Please use the comment section to voice your opinion and concern on this topic.