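#!/bin/sh
# Final permissions fix before squashfs creation.
#
# Ensures /etc and critical directories have correct permissions.
# This is CRITICAL - wrong permissions break login, networking, and services.
#
# Security notes for whoever maintains this hook:
#   - Only modes are changed here, never ownership. A 640 /etc/shadow is only
#     safe if its owner/group are the expected ones (root:shadow on
#     Debian-style systems) - verify ownership elsewhere in the build.
#   - Files under /etc are deliberately NOT bulk-set to 644: doing so would
#     expose secrets such as password hashes and private keys.
#   - NOTE(review): private host keys under /etc/ssh are not checked by this
#     script; confirm their modes before the image is squashed.

set -eu

# Directories that must stay closed to "other" and are therefore excluded
# from the blanket 755 pass at the end (space-separated, no globbing).
PRIVATE_DIRS="/etc/ssl/private"

# Print a diagnostic on stderr without aborting the build.
warn() {
  printf 'warning: %s\n' "$*" >&2
}

echo "Fixing critical directory permissions..."

# /etc must be world-readable for systemd and other services to work.
chmod 755 /etc

# Subdirectories of /etc that services and login need to traverse.
for dir in /etc/systemd /etc/systemd/system /etc/systemd/network \
           /etc/default /etc/security /etc/pam.d /etc/skel \
           /etc/profile.d /etc/sudoers.d /etc/bash_completion.d \
           /etc/apt /etc/dpkg /etc/ssl /etc/ssh /etc/sway; do
  if [ -d "$dir" ]; then
    chmod 755 "$dir"
  fi
done

# Files that must be world-readable for user/group lookups and shell login.
for file in /etc/passwd /etc/group /etc/hosts /etc/hostname \
            /etc/profile /etc/bash.bashrc /etc/environment \
            /etc/shells /etc/nsswitch.conf /etc/resolv.conf \
            /etc/machine-id /etc/ld.so.conf; do
  if [ -f "$file" ]; then
    chmod 644 "$file"
  fi
done

# Shadow files: readable by owner and group only, never by "other".
# A missing file is skipped; a failed chmod is reported instead of hidden.
for file in /etc/shadow /etc/gshadow; do
  if [ -e "$file" ]; then
    chmod 640 "$file" || warn "could not set mode 640 on $file"
  fi
done

# Sudoers files need read-only, non-world-readable permissions.
if [ -e /etc/sudoers ]; then
  chmod 440 /etc/sudoers || warn "could not set mode 440 on /etc/sudoers"
fi
if [ -d /etc/sudoers.d ]; then
  # With "+", a failing chmod makes find exit non-zero and set -e stops the
  # build, rather than shipping an image with loose sudoers drop-ins.
  find /etc/sudoers.d -type f -exec chmod 440 {} +
fi

# Fix network config file permissions.
if [ -f /etc/systemd/network/10-wired.network ]; then
  chmod 644 /etc/systemd/network/10-wired.network
fi

# Recursively make directories under /etc traversable (755), pruning the
# private directories listed above so they are not opened to everyone.
# $PRIVATE_DIRS is left unquoted on purpose: it is a space-separated list.
set --
for private in $PRIVATE_DIRS; do
  set -- "$@" -path "$private" -prune -o
done
find /etc "$@" -type d -exec chmod 755 {} + ||
  warn "some directories under /etc could not be set to 755"

# Private directories: only strip access for "other"; owner and group bits
# are left as the packages installed them.
for private in $PRIVATE_DIRS; do
  if [ -d "$private" ]; then
    chmod o-rwx "$private" || warn "could not restrict $private"
  fi
done

echo "Permissions fixed."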