Ubuntu: default access mode (permissions) for users home dir (/home/user)

When creating a user using useradd --create-home username, the skeleton directory (usually /etc/skel) is copied, including its permissions.

The home directory (/home/username) is subject to the UMASK setting in /etc/login.defs. This is set to 022 by default, so the permissions for /home/username becomes 755.

Relevant excerpt from the Ubuntu manual page of useradd:

The following configuration variables in /etc/login.defs change the behavior of this tool:
[..]
UMASK (number)

The file mode creation mask is initialized to this value. If not specified, the mask will be initialized to 022.

useradd and newusers use this mask to set the mode of the home directory they create

Default permission of user home can be controlled in following places.

• The skeleton directory option (-k, --skel SKEL_DIR) of useradd.
• SKEL value in /etc/adduser.conf that define default skeleton directory.
• DIR_MODE value in /etc/adduser.conf that define default permissions.

Home directory of new users are created using /etc/skel as a template (default behavior).
Default permission of /etc/skel is 0755 (drwxr-xr-x).
Using a custom skeleton directory with correct permissions will allow new home directories to have desired permissions.

Defaults for adduser are defined in /etc/adduser.conf.
Default value of DIR_MODE in /etc/adduser.conf is 0755.
Changing DIR_MODE to correct permissions (DIR_MODE=0750 or similar) will allow new home directories to have desired permissions.
According to Ubuntu documentation, this seems to be the best option.

Already existing user home directories will need to be manually changed.

sudo chmod 0750 /home/username

So its a good idea to change /etc/adduser.conf right after the installation to avoid new users getting 0755 (drwxr-xr-x) type permissions.
Still the very first user created during installation will have 0755 set to its home directory, which should be manually changed.

UMASK in /etc/login.defs is a general setting for files/directories/etc created by users (not only in their home directories). and could get changed depending on USERGROUPS_ENAB in /etc/login.defs.

The official explanation: User Management - User Profile Security
Check other sections of User Management as well.

Related: https://askubuntu.com/questions/46501/why-can-other-users-see-the-files-in-my-home-folder

The default permissions for /home in ubuntu is rwxr-xr-x or 755. For /home/user it is also rwxr-xr-x or 755. At least it is on my installation.

To change the file permissions of the home directory, open a terminal and run something like:

chmod 700 /home/user

Remember to change the 700 to the chmod value that you actually want to set.

If you do not own the directory, you need root privileges to change the permissions. Ubuntu uses sudo for that:

sudo chmod 700 /home/user

When you run this command it will ask for the administrator password.

Check the umask man page.

The default umask setting is

0022

Allows group and others read and execute access.