- Dec 11, 2019
- Reaction score
Users can change the permissions of their own homedir, what you could do as I mentioned before is make root the owner of all the homedirs. Then the group of the corresponding user of that homedir and set the homedirs with permission 770 and then the default umask 007(I think) that would make all the files and directories rw for the group. Then you could even have set the umask that world/other are world readable, since in this situation the homedir is only accessible by the user that the homedir is meant for.The sudo is not needed for a user to change his or her own home directory as a user owns his home directory. As per my note above, home directory permissions do not change, nor set the mask for, the files contained in the directory, so I had assumed you had intended to fix the files.
So in short locking down the homedir making it so that the user can't change permissions on their own homedir, plus setting the default umask or fall users that files will be created with group rw for files(and rwx for directories) permissions. I think if you set it up this way it would prevent you from having to deal with worry about whether the display-manager is configured correctly to use the correct umask for gui applications. I always try to use the KISS principle, that way it's easier to remember and to setup.