Lock down user's home dirsHEAD master

Set permissions of homedirs for newly created users to 700, so nobody else has access to them by default.
author: Peter Bex <peter@more-magic.net> 2016-04-15 20:53:17 +0200
committer: Peter Bex <peter@more-magic.net> 2016-04-15 20:53:17 +0200
commit: a8b72e64c88182f0ed6e68b778a91b52c3298b4b (patch)
tree: 14e9e7488c6fddf0ab4a0b66110d6c2eebf8ce1d
parent: 4771c015187292a1cea5932faa195ac22cb1a6be (diff)
download: vps-builder-a8b72e64c88182f0ed6e68b778a91b52c3298b4b.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/vps-builder.scm b/vps-builder.scm
index da27135..cd6d8e4 100644
--- a/vps-builder.scm
+++ b/vps-builder.scm
@@ -273,6 +273,7 @@
          ;; password would be *locked*, which means "passwd" will prompt
          ;; for a password, but there's none, so it can't be changed.
          (run* (chroot ,root-dir useradd -p "" -m -G ,cs-groups ,user))
+         (change-file-mode ~ #o700)     ; Lock down homedir
          (install-directory root-dir ~/.ssh user user #o700)
          (install-file root-dir pubkey
                        (make-pathname ~/.ssh "authorized_keys")
author	Peter Bex <peter@more-magic.net>	2016-04-15 20:53:17 +0200
committer	Peter Bex <peter@more-magic.net>	2016-04-15 20:53:17 +0200
commit	a8b72e64c88182f0ed6e68b778a91b52c3298b4b (patch)
tree	14e9e7488c6fddf0ab4a0b66110d6c2eebf8ce1d
parent	4771c015187292a1cea5932faa195ac22cb1a6be (diff)
download	vps-builder-a8b72e64c88182f0ed6e68b778a91b52c3298b4b.tar.gz