On a Debian or Ubuntu system, we need to make sure that when a new user is created it’s files are not generally available for reading to other non-root users.

By default home folders are created with 0755 permissions (readable by everyone). To change this we just need to adjust a parameter in the /etc/adduser.conf configuration file:

DIR_MODE=0700

This does not mean their files are fully safe from reading, this just adds a new layer of privacy for your users.