From a8b72e64c88182f0ed6e68b778a91b52c3298b4b Mon Sep 17 00:00:00 2001 From: Peter Bex Date: Fri, 15 Apr 2016 20:53:17 +0200 Subject: Lock down user's home dirs Set permissions of homedirs for newly created users to 700, so nobody else has access to them by default. --- vps-builder.scm | 1 + 1 file changed, 1 insertion(+) diff --git a/vps-builder.scm b/vps-builder.scm index da27135..cd6d8e4 100644 --- a/vps-builder.scm +++ b/vps-builder.scm @@ -273,6 +273,7 @@ ;; password would be *locked*, which means "passwd" will prompt ;; for a password, but there's none, so it can't be changed. (run* (chroot ,root-dir useradd -p "" -m -G ,cs-groups ,user)) + (change-file-mode ~ #o700) ; Lock down homedir (install-directory root-dir ~/.ssh user user #o700) (install-file root-dir pubkey (make-pathname ~/.ssh "authorized_keys") -- cgit v1.2.3
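Review bot: The added `(change-file-mode ~ #o700)` tightens the home directory only after `useradd -m` has already created and populated it with the system default mode, so the directory is briefly more open than intended and the final mode depends on this second step running. Passing the mask to useradd itself closes that gap, e.g. `(run* (chroot ,root-dir useradd -K UMASK=077 -p "" -m -G ,cs-groups ,user))`, with the explicit chmod kept as a second check. The change also covers only accounts created by the builder; if users added later inside the VPS should get the same default, the image's `/etc/login.defs` would need the matching setting, and whether that is wanted is not visible here. The enclosing procedure starts and ends outside the hunk, so the binding of `~` (presumably the new user's home path under `root-dir`) should be confirmed.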