Can user2... through the browser get to the home directory of user1?... If that's happening then it's not good... I know that by default it's 755?? for all users when their home directories get created... so why not change the perms to 700 so only the user can execute....
Code:
[arvind@attack home]$ ll
total 16
drwxr-xr-x 24 arvind wheel 4096 Aug 16 21:03 arvind
drwxr-xr-x 3 test test 4096 Aug 16 21:04 test
[arvind@attack home]$ cd test
[arvind@attack test]$ ll
total 0
[arvind@attack test]$ ls -la
total 64
drwxr-xr-x 3 test test 4096 Aug 16 21:04 .
drwxr-xr-x 4 root root 4096 Aug 16 21:03 ..
-rw------- 1 test test 47 Aug 16 21:04 .bash_history
-rw-r--r-- 1 test test 24 Aug 16 21:03 .bash_logout
-rw-r--r-- 1 test test 191 Aug 16 21:03 .bash_profile
-rw-r--r-- 1 test test 124 Aug 16 21:03 .bashrc
-rw-r--r-- 1 test test 120 Aug 16 21:03 .gtkrc
drwxr-xr-x 3 test test 4096 Aug 16 21:03 .kde
[arvind@attack test]$
[arvind@attack test]$
[arvind@attack test]$ su -test
su: invalid option -- t
Try `su --help' for more information.
[arvind@attack test]$ su - test
Password:
[test@attack ~]$ cd ..
[test@attack home]$ chmod -R 700 test
[test@attack home]$ ll
total 16
drwxr-xr-x 24 arvind wheel 4096 Aug 16 21:04 arvind
drwx------ 3 test test 4096 Aug 16 21:04 test
[test@attack home]$ logout
[arvind@attack test]$ ll
ls: .: Permission denied
[arvind@attack test]$ cd ..
[arvind@attack home]$ cd test
bash: cd: test: Permission denied
[arvind@attack home]$
Shouldn't this be fine? ... If you want to automate this for every user you add, just put a command in /etc/profile for changing the permissions of each new user...
You don't need to play around with the umask at all.
Let me know if this helps...
Cheers
Arvind
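
The permission change from the session above, as an added example that is not part of the original post: shell functions that list home directories still open to group or other and set only the top-level directory to 700. It assumes GNU find and that homes sit directly under the base directory passed in; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit and tighten home directory modes.
# Assumptions: GNU find (for -perm /MODE), homes directly under BASE.

# list_open_homes BASE
# Print each directory directly under BASE that grants any permission
# bit to group or other, such as the default 755 seen in the session.
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 | sort
}

# lock_home DIR
# Set only the top-level directory to 700. Without search (x) permission
# on it, other users cannot traverse into it by path, so the modes of
# the files inside are left untouched (no recursive chmod).
lock_home() {
    chmod 700 "$1"
}

# lock_all_homes BASE
# Lock every directory reported by list_open_homes and say which ones
# were changed. Must run as root or as the owner of each directory.
lock_all_homes() {
    list_open_homes "$1" | while IFS= read -r dir; do
        lock_home "$dir" && printf 'locked %s\n' "$dir"
    done
}

# When called with a base directory, only report; changing modes is
# left to an explicit lock_all_homes call.
if [ -n "${1:-}" ]; then
    list_open_homes "$1"
fi
```

A mode of 700 also blocks a web server running as a different user from reading anything under that home directory.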