summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-hooks/99-permissions
blob: fbf0c2237c52be507d2b922159eb3b7815a466a9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
#!/bin/sh

set -e

echo "Setting correct file permissions"

chmod 00440 /etc/sudoers.d/*

# NetworkManager requires these permissions
chmod 00600 /etc/NetworkManager/system-connections/*

# For persistent Tor settings via Tor Launcher, the debian-tor user
# must be able to write into `/etc/tor`.
chown -R debian-tor:debian-tor /etc/tor

# Otherwise, such files may be copied to /home/amnesia, and in turn
# to the persistent volume, with unsafe permissions. That's no big deal
# in /home/amnesia (that is itself not world-readable), *but* the root
# of the persistent volume has to be world-readable.
chmod -R go= /etc/skel/* /etc/skel/.[a-z]*