#!/bin/bash # As we progress, we may find additional files REQUIRING special permissions. # Set write permissions for these files and directories in the chroot here. # This allows write access to the Welcome Screen database to users in the "cdrom" group. # IF this a system wide file, one user can disable or turn it off for *ALL* accounts. # If this is meant to be on a per user basis, put the .db in ${HOME}/.config . # Or rewrite welcome.py to write to the .db WHICH user requested to disable this feature. # Set Permissions on desktop files # Desktop links chmod 755 /usr/share/applications/Pephub.desktop chmod 755 /usr/share/applications/Welcome.desktop chmod 755 /usr/share/applications/plank.desktop chmod 755 /usr/share/applications/kumo.desktop chmod 755 /usr/share/applications/Install-peppermint.desktop # Executables chmod 755 /usr/local/bin/hub chmod 755 /usr/local/bin/xDaily chmod 755 /usr/local/bin/kumo chmod 755 /usr/local/bin/welcome chmod 755 /usr/bin/install-peppermint # Set permissions on the Python libs chmod 755 -R /usr/lib/python3/dist-packages/tendo chmod 755 -R /usr/lib/python3/dist-packages/tendo-0.3.0.dist-info chmod 755 -R /usr/lib/python3/dist-packages/ttkbootstrap chmod 755 -R /usr/lib/python3/dist-packages/ttkbootstrap-1.10.1.dist-info chmod 755 -R /usr/lib/python3/dist-packages/ttkcreator # Set permissions on the lines theme chmod 755 -R /usr/share/desktop-base/lines-theme # Set Grub Themes Permission chmod 755 -R /boot/grub/themes # Set the Calamares Permissions] chmod 755 -R /etc/calamares ### After installation, additional groups to add new users to. grep -B99 "#EXTRA_GROUPS=" /etc/adduser.conf > /etc/adduser.conf.new grep "#EXTRA_GROUPS=" /etc/adduser.conf | cut -c2- >> /etc/adduser.conf.new grep -B3 "#ADD_EXTRA_GROUPS=" /etc/adduser.conf >> /etc/adduser.conf.new grep "#ADD_EXTRA_GROUPS=" /etc/adduser.conf | cut -c2- >> /etc/adduser.conf.new grep -B3 "#NAME_REGEX=" /etc/adduser.conf >> /etc/adduser.conf.new # These are for the 3 installer scripts - icons.sh, themes.sh & walls.sh # In 0600- we created symlinks to these directories. This makes them writable. chmod 755 -R /usr/share/icons chmod 755 -R /usr/share/themes chmod 755 -R /usr/share/backgrounds chmod 755 -R /usr/share/pixmaps # Quick patch from https://www.zdnet.com/article/major-linux-policykit-security-vulnerability-uncovered-pwnkit/ #chmod 0755 /usr/bin/pkexec # Their patch didn't work "pkexec must be setuid root"