How to Fix and Secure /home Directory Permissions After Accidental chmod 777 in Linux



In Linux systems, the /home directory contains all user-specific files and configurations. Setting it to 777 (world-readable/writable/executable) creates severe security vulnerabilities:

$ ls -ld /home
drwxrwxrwx. 15 root root 4096 Feb 15 10:23 /home

The proper permissions for /home should be:

drwxr-xr-x. 15 root root 4096 Feb 15 10:23 /home

Which translates to:

  • Owner (root): Read, write, execute (7)
  • Group: Read, execute (5)
  • Others: Read, execute (5)

To fix the permissions:

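# First reset /home permissions
sudo chmod 755 /home

# Then correct all user directory permissions
# (-mindepth 1 stops find from re-applying 750 to /home itself)
# Note: 640 also clears the execute bit on any scripts in the home directories
sudo find /home -mindepth 1 -type d -exec chmod 750 {} \;
sudo find /home -mindepth 1 -type f -exec chmod 640 {} \;

# Ensure proper ownership
sudo chown -R root:root /home
for userdir in /home/*/; do
    username=$(basename "$userdir")
    # Skip directories (e.g. lost+found) that do not match an account name
    id "$username" >/dev/null 2>&1 || continue
    # Assumes each user has a primary group with the same name
    sudo chown -R "$username:$username" "$userdir"
done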

Create a verification script to check home directory security:

#!/bin/bash
echo "Checking /home permissions..."
# Compare as strings so an empty stat result cannot break the test
if [ "$(stat -c %a /home)" != "755" ]; then
    echo "CRITICAL: /home has incorrect permissions $(stat -c %a /home)"
    exit 1
fi

echo "Checking user directories..."
for dir in /home/*; do
    # Only directories are expected to be 750
    [ -d "$dir" ] || continue
    perms=$(stat -c %a "$dir")
    if [ "$perms" != "750" ]; then
        echo "WARNING: $dir has $perms (should be 750)"
    fi
done
echo "Verification complete"

Add these safety measures to your admin toolkit:

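# Add to .bashrc for sysadmins
alias chhome='echo "Use chhome_safe instead"'
function chhome_safe() {
    # The mode is the first argument to chmod, so check every argument
    local arg
    for arg in "$@"; do
        if [[ $arg == "/home" || $arg == "/home/" ]]; then
            echo "Warning: Direct /home modification blocked" >&2
            return 1
        fi
    done
    chmod "$@"
}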

Always follow the principle of least privilege when managing system directories. Consider implementing configuration management tools like Ansible for permission enforcement:

- name: Ensure proper /home permissions
  file:
    path: /home
    mode: '0755'
    owner: root
    group: root
    recurse: no


Changing /home to 777 permissions is a serious security vulnerability. Applied recursively (chmod -R), it grants read, write, and execute permissions to all users (owner, group, and others) on every file and subdirectory. On multi-user systems, this means:
- Other users can access private files
- Malicious scripts could be planted
- System integrity is compromised


The standard secure permissions for /home should be:

drwxr-xr-x    # 755 permissions for /home directory
drwx------    # 700 permissions for user home subdirectories



Here's the complete fix procedure:


# First, reset /home permissions:
sudo chmod 755 /home

# Then fix all user home directories
# (-mindepth 1 stops find from re-applying 700 to /home itself):
sudo find /home -mindepth 1 -type d -exec chmod 700 {} \;

# Set proper file permissions (this also clears the execute bit on scripts):
sudo find /home -mindepth 1 -type f -exec chmod 600 {} \;

# Special cases (like .ssh folder):
sudo find /home -name ".ssh" -type d -exec chmod 700 {} \;
sudo find /home -name "authorized_keys" -type f -exec chmod 600 {} \;



Create a verification script to check permissions:


#!/bin/bash
# Check /home permissions
if [ "$(stat -c %a /home)" != "755" ]; then
    echo "WARNING: /home permissions are $(stat -c %a /home)"
fi

# Check user directories
for dir in /home/*; do
    if [ -d "$dir" ]; then
        perms=$(stat -c %a "$dir")
        if [ "$perms" != "700" ]; then
            echo "WARNING: $dir has permissions $perms"
        fi
    fi
done
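
A broader read-only audit than the script above, as an added example that is not part of the original article: it also reports world-writable entries inside home directories and .ssh paths that miss the 700/600 targets. The names audit_home and make_sample_tree are hypothetical, GNU find and stat are assumed, and ownership is not checked.

```shell
#!/bin/bash
# Added example, not from the original article: read-only audit of a home tree.
# Hypothetical names: audit_home, make_sample_tree. Assumes GNU find and stat.
# Usage: audit_home [ROOT] [USER_DIR_MODE]    (defaults: /home 700)
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_home() {
    local root want findings
    root=${1:-/home}
    want=${2:-700}
    findings=$(
        # ROOT itself must be exactly 755.
        find "$root" -maxdepth 0 ! -perm 755 \
            -exec stat -c 'ROOT %n mode=%a expected=755' {} +
        # Each top-level home directory must match the chosen policy.
        find "$root" -mindepth 1 -maxdepth 1 -type d ! -perm "$want" \
            -exec stat -c "HOME %n mode=%a expected=$want" {} +
        # Nothing inside a home should be writable by "others".
        find "$root" -mindepth 2 ! -type l -perm -0002 \
            -exec stat -c 'WORLD_WRITABLE %n mode=%a' {} +
        # Page targets: .ssh 700, authorized_keys 600. sshd StrictModes
        # refuses keys when these are group- or world-writable.
        find "$root" -type d -name .ssh ! -perm 700 \
            -exec stat -c 'SSH %n mode=%a expected=700' {} +
        find "$root" -type f -name authorized_keys ! -perm 600 \
            -exec stat -c 'SSH %n mode=%a expected=600' {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree for trying the audit without touching /home.
make_sample_tree() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/.ssh" "$t/bob/.ssh"
    touch "$t/alice/.ssh/authorized_keys" "$t/bob/.ssh/authorized_keys" "$t/bob/notes.txt"
    chmod 755 "$t"
    chmod 700 "$t/alice" "$t/alice/.ssh"
    chmod 600 "$t/alice/.ssh/authorized_keys"
    chmod 777 "$t/bob" "$t/bob/.ssh"                  # simulated damage
    chmod 666 "$t/bob/.ssh/authorized_keys" "$t/bob/notes.txt"
    echo "$t"
}
```

Run `audit_home` with no arguments to check /home against the 700 policy, or `audit_home /home 750` for the 750 variant; `audit_home "$(make_sample_tree)"` shows the report format on the constructed tree.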



Add these safeguards:
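1. Create an alias for safety (--preserve-root only makes chmod refuse to operate recursively on /; it does not block a chmod of /home):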

alias chmod='chmod --preserve-root'


2. Set up inotify to monitor /home changes:

sudo apt install inotify-tools
inotifywait -m -r -e modify,attrib,close_write,move,create,delete /home


3. Implement regular permission audits:

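# Add to /etc/crontab or a file in /etc/cron.d (the formats that take a user field).
# -mindepth 1 keeps /home itself (755) out of the nightly report.
0 3 * * * root /usr/bin/find /home -mindepth 1 -type d -perm /o=rwx -exec ls -ld {} \;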