what would it be the permissions command [chmod ???] so that users are able to read, write, and execute stuff on their *OWN* home directories, nothing more, nothing less?

On a test bogus user I created [chupacabra], I can login via SSH or Telnet or whatever or even locally in front the computer, and chupacabra is able to read what john, mary jane, joe have in their directories.

I want to prevent that so user 'chupacabra' can access [read, execute, and write] to his own home directory only.

Is there any command I run as root and takes care of this for all the users, present and future -without having to retype the command each time I add a user?

Thanks,
el chupacabra

well ... that's a
chmod go-rwx /home/chupa
cd /home/chupa
chmod -Rv go-rwx *

I don't know where the default umask for
a users home is being set, though .... :/

Cheers,
Tink

The permissions on the user dirs and stuff below shouldn't exceed octal 0750 then. That also means you have to adjust your /etc/profile or whatever their shell reads umask from to use umask 027 (subtr.) for future files. I do it like this:
id=( $(id -u) $(id -g) ); if [ ${id[0]} -ge 500 -a ${id[1]} -ge 500 ]; then umask 027; fi

more questions below

Then as a root should I just issue ' chmod 750 /home/* ' then so nobody can see each other's files not even system files? right?

Would that prevent users from seeing each other's files and system's files when they log on via SSH or logon locally?

I set Samba this way and it works when the Windows clients connect to the 'data' share. But it works just for Samba, not SSH of course.

[data]
.... ;other parameters
dont descend = Desktop evolution ;can see folders but not contents
hide dot files = yes ;treats Unix hidden files as hidden files in Windows.
hide files = alpha beta ;samba hides those files
veto files = xfiles ;xfiles will never show up


In what part of my profiles should I put this script you just gave me then? below there's sample of my profiles.



#===============sample of a profile I have on my system========
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

pathmunge () {
if ! echo $PATH | /bin/egrep -q "(^|$1($|" ; then
if [ "$2" = "after" ] ; then
PATH=$PATH:$1
else
PATH=$1:$PATH
fi
fi
}

# Path manipulation
if [ `id -u` = 0 ]; then
pathmunge /sbin
pathmunge /usr/sbin
pathmunge /usr/local/sbin
fi

pathmunge /usr/X11R6/bin after

unset pathmunge

# No core files by default
ulimit -S -c 0 > /dev/null 2>&1

USER="`id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"

HOSTNAME=`/bin/hostname`
HISTSIZE=1000

if [ -z "$INPUTRC" -a ! -f "$HOME/.inputrc" ]; then
INPUTRC=/etc/inputrc
fi

export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC

for i in /etc/profile.d/*.sh ; do
if [ -r "$i" ]; then
. $i
fi
done

unset i
#============end of sample profile =======================

Thanks guys,
el chupacabra