Permissions for 'home' dataset - best practices?

Status
Not open for further replies.

guermantes

Patron
Joined
Sep 27, 2017
Messages
213
Hello,
I initially had great problems configuring SSH key-based authorization for new user accounts on FreeNAS 11.0-U4. My problem was that whenever I created a new user the permissions on their home folder, e.g., username, .ssh folder and authorized_keys file would be too lax, and SSH would not authorize until I removed permissions from group and everyone. I ranted a lot in private against FreeNAS for not being able to give proper permissions to .ssh/ and authorized_keys, even though I set owner-only permissions for the new user's home directory, before realizing that the problem was that I had set too lax permissions on the /home dataset that were inherited when the user home was being mapped there, effectively overriding the permissions I set for the user's home directory.

When I created my home dataset I just went with the defaults. In the guide I see no discussion about doing otherwise (although it will entail SSH problems).

Are there best practices for the home dataset that I ignore?
 

m0nkey_

MVP
Joined
Oct 27, 2015
Messages
2,739
My preferred method is to create the base home directory as a UNIX type dataset. In theory, only one person (the user) should be accessing it. I also create a dataset per user (again with the UNIX type), allowing for better control over snapshots and replication.
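An added example, not part of either post above: a Python check that walks from authorized_keys up to the user's home directory and reports anything that would make sshd reject the key. It assumes sshd runs with StrictModes enabled and approximates that check using plain UNIX mode bits only (ACLs are not inspected); the function name and the sample invocation are hypothetical.

```python
import os
import stat
from pathlib import Path


def audit_ssh_key_path(home, uid, key_rel=".ssh/authorized_keys"):
    """Return (path, problem) pairs for authorized_keys and every directory
    above it, up to and including the home directory, that is owned by
    someone other than `uid` or root, or is writable by group or others."""
    home = Path(home).resolve()
    key_file = home / key_rel
    # Build the chain: key file first, then each parent until home is reached.
    chain = [key_file]
    for parent in key_file.parents:
        chain.append(parent)
        if parent == home:
            break
    findings = []
    for path in chain:
        try:
            st = path.stat()
        except OSError as exc:
            findings.append((str(path), f"cannot stat: {exc.strerror}"))
            continue
        if st.st_uid not in (uid, 0):
            findings.append((str(path), f"owned by uid {st.st_uid}"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((str(path), f"group/other writable (mode {mode:04o})"))
    return findings


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python3 audit.py <home directory> <numeric uid>
    for path, problem in audit_ssh_key_path(sys.argv[1], int(sys.argv[2])):
        print(f"{path}: {problem}")
```

An empty result means the mode bits and ownership along the path are strict enough; a finding on the home directory itself points at permissions set on the parent dataset rather than on .ssh.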
 