Here’s a tip to restrict normal user account access so that common users may not be able to explore other directories beyond his/her own /home directory.
- First you need to chmod all /home dir to 0700
- Then, you need to set the default umask to 077, to do that, you ned to edit /etc/profile, and replace “umask 022” with “umask 077“.
- Optionally, you can also update PAM configuration in /etc/pamd.d/common-session so that the line reads “pam_umask.so umask=077 usergroups“
The tips has been adapted from – superuser.com