Steve January 13, 2021
ubuntu-is-making-home-folders-private-in-21.04

Home directories in Ubuntu 21.04 ‘Hirsute Hippo’ will be private by default.

Ubuntu say their ‘significant customer and user-base in the public cloud and server space’ merits stricter defaults

‘Wait: you mean they aren’t already?!’, I hear.

And the answer is, weirdly, no.

If you create a new user on an Ubuntu system, that user can ‘read’ files in the main home folder. Y’know, the one you probably use for your personal account.

It sounds crazy lax, but back in the early days of Ubuntu the reasoning was that multi-user systems have “…some level of cooperation (if not trust) among the users – they’ll be members of the same family, or friends, or co-workers, or whatever – and it is useful for them to be able to share files reasonably conveniently”.

The world, like Ubuntu, has moved on considerably since that statement was made. We expect much stricter handling of our personal data even on systems that we admin ourselves.

And Ubuntu devs agree. They feel their ‘significant customer and user-base in the public cloud and server space’ merits stricter controls from the outset.

“World-readable home directories,” Ubuntu’s Security Tech Lead reasons, are “…more like a footgun than a feature – in this case, if a worker account is compromised, an attacker could now more easily access sensitive data from the other worker accounts or the admin account.”

And lo, change.

In Ubuntu 21.04, home folders are no longer ‘world-readable’ by default. Or, to be explicitly technical, the directory permissions change from 755 to 750.

Important note: this will not affect existing installs, nor any in-place upgrades to 21.04 later this year. Only new Ubuntu 21.04 installs (and new users created therein) will benefit from the tighter permissions.
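Because existing installs keep their 755 home directories, an administrator can check for them and tighten them by hand. The shell functions below are an added example, not part of the original article or of Ubuntu's change; the function names `audit_homes` and `tighten_homes` are assumptions of this example.

```shell
#!/bin/sh
# Added example: find and tighten home directories that still grant
# access to "other" users (e.g. mode 755 left over from an older install).
# Function names are hypothetical; the base directory defaults to /home.

# Print every directory directly under $1 whose mode grants any
# permission (read, write or search) to "other".
audit_homes() {
    base=${1:-/home}
    for d in "$base"/*; do
        # Skip plain files and symlinks; only real directories count.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        # -prune inspects the directory itself without descending into it.
        find "$d" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print
    done
}

# Remove all "other" permissions from each directory audit_homes reports.
# "chmod o-rwx" turns 755 into 750 but never widens a stricter mode
# such as 700, which a blanket "chmod 750" would do.
tighten_homes() {
    base=${1:-/home}
    audit_homes "$base" | while IFS= read -r d; do
        chmod o-rwx "$d" && printf 'tightened %s\n' "$d"
    done
}

# Typical use, as root on an existing install:
#   audit_homes /home      # review the list first
#   tighten_homes /home    # then apply the change
```

For accounts created later on an existing install, `adduser` takes the default mode for new home directories from `DIR_MODE` in `/etc/adduser.conf`.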

Why make this security tweak now, in 21.04? It gives Ubuntu devs several releases to gauge the impact of the change, and to work through any issues that arise from it, well in advance of the next LTS.

More details on the change can be gleaned from the Ubuntu developer mailing list announcement.
