/usr/lib/security-misc/permission-lockdown runs:
chmod o-rwx /home/user
chmod others (o) remove (-) permissions:
- read (
r) - write (
w) - execute (
x) (linux - Why must a folder be executable? - Super User)
Which is very important for meaningful user separation.
Whonix KVM shared folder needs a cleaner solution. Putting it in user home folder /home/user/shared is unclean. Mentioned here: