|
1 | 1 | #!/bin/bash |
2 | | -# This hook runs inside the live system chroot during build |
3 | | -# Ensures proper permissions for /usr/share/pixmaps, /etc, and related files |
4 | | - |
5 | 2 | set -e |
6 | 3 |
|
7 | | -echo "[Hook] Setting ownerships and permissions for /usr/share/pixmaps and /etc" |
8 | | - |
9 | | -# --- General ownership: everything belongs to root --- |
10 | | -chown -R root:root /usr/share/pixmaps || true |
11 | | -chown -R root:root /etc || true |
| 4 | +echo "[Hook] Fixing ownerships and permissions" |
12 | 5 |
|
13 | | -# --- /usr/share/pixmaps/ --- |
14 | | -# Make all images and subdirs readable and executable by all users |
15 | | -chmod -R 755 /usr/share/pixmaps || true |
| 6 | +# --- /usr/share/pixmaps --- |
| 7 | +chown -R root:root /usr/share/pixmaps 2>/dev/null || true |
| 8 | +chmod -R 755 /usr/share/pixmaps 2>/dev/null || true |
16 | 9 |
|
17 | | -# --- /usr/share/plasma/desktoptheme/Ocean/ --- |
18 | | -# Ensure proper ownership and permissions for Plasma desktop theme |
19 | | -if [ -d /usr/share/plasma/desktoptheme/Ocean ]; then |
20 | | - chown -R root:root /usr/share/plasma/ || true |
21 | | - chmod -R 755 /usr/share/plasma/|| true |
22 | | -else |
23 | | - # Ensure parent directories exist and are properly owned |
24 | | - chown -R root:root /usr/share/plasma |
25 | | - chmod -R 755 /usr/share/plasma |
26 | | -fi |
| 10 | +# --- /etc/ directories --- |
| 11 | +find /etc -type d -exec chmod 755 {} \; 2>/dev/null || true |
27 | 12 |
|
28 | | -# --- /etc/ general directories and files --- |
29 | | -# Everything readable by all, writable only by root |
30 | | -chmod -R 755 /etc || true |
31 | | - |
32 | | -# --- Sensitive files: tighten permissions --- |
| 13 | +# --- Sensitive files --- |
33 | 14 | chmod 600 /etc/shadow /etc/gshadow 2>/dev/null || true |
34 | | -chmod 640 /etc/passwd /etc/group 2>/dev/null || true |
| 15 | +chmod 644 /etc/passwd /etc/group /etc/os-release /etc/hostname 2>/dev/null || true |
35 | 16 | chmod 640 /etc/sudoers 2>/dev/null || true |
36 | 17 | chmod 600 /etc/securetty 2>/dev/null || true |
37 | 18 |
|
38 | 19 | # --- /etc/skel --- |
39 | | -# Default user template files should be readable by all |
40 | 20 | if [ -d /etc/skel ]; then |
41 | 21 | chown -R root:root /etc/skel |
42 | 22 | chmod -R 755 /etc/skel |
43 | 23 | fi |
44 | 24 |
|
45 | | -# --- /etc/hostname --- |
46 | | -# Should be owned by root and readable by all (one line text file) |
47 | | -if [ -f /etc/hostname ]; then |
48 | | - chown root:root /etc/hostname |
49 | | - chmod 644 /etc/hostname |
50 | | -fi |
51 | | - |
52 | | -# --- /etc/os-release --- |
53 | | -# System identification file, should be world-readable |
54 | | -if [ -f /etc/os-release ]; then |
55 | | - chown root:root /etc/os-release |
56 | | - chmod 644 /etc/os-release |
57 | | -fi |
58 | | - |
59 | 25 | # --- /etc/xdg/kdeglobals --- |
60 | | -# Ensure directory and file exist with proper permissions |
61 | | -touch /etc/xdg/kdeglobals |
62 | | -chown root:root /etc/xdg /etc/xdg/kdeglobals |
63 | | -chmod 755 /etc/xdg |
64 | | -chmod 644 /etc/xdg/kdeglobals |
| 26 | +if [ -f /etc/xdg/kdeglobals ]; then |
| 27 | + chown root:root /etc/xdg/kdeglobals |
| 28 | + chmod 644 /etc/xdg/kdeglobals |
| 29 | +fi |
65 | 30 |
|
66 | 31 | echo "[Hook] Permission adjustments complete." |
67 | 32 |
|
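Review bot: The new `find /etc -type d -exec chmod 755 {} \;` line resets every directory under /etc to 755, which also loosens any directory a package ships with a tighter mode (on Debian-derived systems `/etc/ssl/private` is one such case), and nothing later in the hook restores them. If the intent is only to undo over-permissive modes coming from the build overlay, stripping the write bits is enough: `find /etc -type d -perm /022 -exec chmod go-w {} +`. That line and the two new pixmaps lines also add `2>/dev/null || true`, so even with `set -e` a failed permission fix leaves no trace in the build log; reporting the failure on stderr would make a broken image visible. Separately, `chmod -R 755 /usr/share/pixmaps` marks the image files executable, whereas `chmod -R u=rwX,go=rX /usr/share/pixmaps` keeps directories traversable without doing so.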