File system defaults
The initial account used to administer the system, as well as any accounts created prior to changing the umask, will allow all users read access to the files in their home folders. It is recommended that this be changed so that only owners and groups have read access to these files. For all users on the system, execute the following command:
sudo chmod –R 740 /Users/username
Where username is the name of the user. This operation will have to be performed every time a new user is added to the system. This has the added effect of preventing other users from reading the contents of ~/Public and ~/Sites folders and from writing files to the ~/Public/Drop Box folder. It is recommended that the permissions on these folders be changed on a per user basis.
Add A Comment