Restricting normal user account access on Ubuntu Server

Here’s a tip to restrict normal user account access so that common users may not be able to explore other directories beyond his/her own /home directory.

  • First you need to chmod all /home dir to 0700
  • Then, you need to set the default umask to 077, to do that, you ned to edit /etc/profile, and replace “umask 022” with “umask 077“.
  • Optionally, you can also update PAM configuration in /etc/pamd.d/common-session so that the line reads “pam_umask.so umask=077 usergroups

The tips has been adapted from – superuser.com