isobuild/config/hooks/normal/0200-fix-permissions.hook.chroot

#!/bin/sh
# Final permissions fix before squashfs creation
# Ensures /etc and critical directories have correct permissions
# This is CRITICAL - wrong permissions break login, networking, and services

set -e

echo "Fixing critical directory permissions..."

# /etc must be world-readable for systemd and other services to work
chmod 755 /etc

# Fix all subdirectories in /etc that need to be readable
for dir in /etc/systemd /etc/systemd/system /etc/systemd/network \
           /etc/default /etc/security /etc/pam.d /etc/skel \
           /etc/profile.d /etc/sudoers.d /etc/bash_completion.d \
           /etc/apt /etc/dpkg /etc/ssl /etc/ssh /etc/sway; do
    if [ -d "$dir" ]; then
        chmod 755 "$dir"
    fi
done

# Critical files that must be world-readable for system to function
# These are essential for user/group lookups and shell login
for file in /etc/passwd /etc/group /etc/hosts /etc/hostname \
            /etc/profile /etc/bash.bashrc /etc/environment \
            /etc/shells /etc/nsswitch.conf /etc/resolv.conf \
            /etc/machine-id /etc/ld.so.conf; do
    if [ -f "$file" ]; then
        chmod 644 "$file"
    fi
done

# Shadow files should be root-only readable
chmod 640 /etc/shadow 2>/dev/null || true
chmod 640 /etc/gshadow 2>/dev/null || true

# Sudoers files need specific permissions
chmod 440 /etc/sudoers 2>/dev/null || true
if [ -d /etc/sudoers.d ]; then
    find /etc/sudoers.d -type f -exec chmod 440 {} \;
fi

# Fix network config file permissions
if [ -f /etc/systemd/network/10-wired.network ]; then
    chmod 644 /etc/systemd/network/10-wired.network
fi

# Recursively fix /etc - directories should be 755, files 644 (except special cases)
find /etc -type d -exec chmod 755 {} \; 2>/dev/null || true

echo "Permissions fixed."
initial 2026-01-08 18:33:14 +00:00			`#!/bin/sh`
			`# Final permissions fix before squashfs creation`
			`# Ensures /etc and critical directories have correct permissions`
			`# This is CRITICAL - wrong permissions break login, networking, and services`

			`set -e`

			`echo "Fixing critical directory permissions..."`

			`# /etc must be world-readable for systemd and other services to work`
			`chmod 755 /etc`

			`# Fix all subdirectories in /etc that need to be readable`
			`for dir in /etc/systemd /etc/systemd/system /etc/systemd/network \`
			`/etc/default /etc/security /etc/pam.d /etc/skel \`
			`/etc/profile.d /etc/sudoers.d /etc/bash_completion.d \`
			`/etc/apt /etc/dpkg /etc/ssl /etc/ssh /etc/sway; do`
			`if [ -d "$dir" ]; then`
			`chmod 755 "$dir"`
			`fi`
			`done`

			`# Critical files that must be world-readable for system to function`
			`# These are essential for user/group lookups and shell login`
			`for file in /etc/passwd /etc/group /etc/hosts /etc/hostname \`
			`/etc/profile /etc/bash.bashrc /etc/environment \`
			`/etc/shells /etc/nsswitch.conf /etc/resolv.conf \`
			`/etc/machine-id /etc/ld.so.conf; do`
			`if [ -f "$file" ]; then`
			`chmod 644 "$file"`
			`fi`
			`done`

			`# Shadow files should be root-only readable`
			`chmod 640 /etc/shadow 2>/dev/null \|\| true`
			`chmod 640 /etc/gshadow 2>/dev/null \|\| true`

			`# Sudoers files need specific permissions`
			`chmod 440 /etc/sudoers 2>/dev/null \|\| true`
			`if [ -d /etc/sudoers.d ]; then`
			`find /etc/sudoers.d -type f -exec chmod 440 {} \;`
			`fi`

			`# Fix network config file permissions`
			`if [ -f /etc/systemd/network/10-wired.network ]; then`
			`chmod 644 /etc/systemd/network/10-wired.network`
			`fi`

			`# Recursively fix /etc - directories should be 755, files 644 (except special cases)`
			`find /etc -type d -exec chmod 755 {} \; 2>/dev/null \|\| true`

			`echo "Permissions fixed."`