# fss-0002
# Correct file permissions for known common directories
# This is identical to the core rule called 'prepare' in terms of most directory permissions

main:
  chmod u+rwx,g+rx-w,o+x-rw / /bin /etc /lib /home/{users,targets} /dev /sbin
  chmod u+rwx,g+rxs-w,o+x-rw /etc /share /home /var /mnt
  chmod u+rwx,g+rx-w,o-rwx /sys $root_user_home_dir
  chmod u+rwx,g+rwx,o-rw+x /var/cache
  chmod u+rwx,g+rxs-w,o-rw+x /var/{run,log}
  chmod u+rwx,g+rxs-w,o-rwx /share/{icons,applications,desktop-directories,fonts,themes,kiwi} /etc/kiwi{,/layouts}
  chmod u+rwx,g+rx-w,o-rw+x /home/users /boot/system
  chmod u+rwx,g+rwxs,o-rw+x /home/{share,music} /etc/network/
  chmod u+rwx,g+rxs-w,o-rwx /checksum /firmware /modules ${TC} /documentation /boot/{grub,settings,live,memtest} /etc/profile.d/
  chmod u+rwx,g+rxs-w,o+x-rw /boot
  chmod u+rwx,g+rxs-w,o-rwx,+t /tmp
  chmod u+rwx,g+rxs-w,o-rwx /etc/udev/
  chgrp d_root /
  chgrp d_module -hR /modules
  chgrp d_firmware -hR /firmware
  chgrp d_boot /boot/{,grub,settings,system,live,memtest}
  chgrp d_checksum -hR /checksum/
  chgrp d_icon -hR /share/icons
  chgrp d_share -hR /home/share
  chgrp d_music -hR /home/music
  chgrp d_program /bin
  chgrp d_program_system /sbin
  chgrp d_device /dev
  chgrp d_setting /etc
  chgrp d_home /home
  chgrp d_library /lib
  chgrp d_data /share
  chgrp d_toolchain ${TC}
  chgrp k_system /sys
  chgrp k_process /proc
  chgrp d_temporary /tmp
  chgrp d_mount /mnt
  chgrp d_variable /var
  chgrp d_cache /var/cache
  chgrp d_run /var/run
  chgrp d_log /var/log
  chgrp e_network_admin /etc/network
  chgrp d_user /home/users
  chgrp d_target /home/targets
  chgrp d_lock /var/locks
  chgrp d_icon /share/icons
  chgrp e_application /share/applications /share/desktop-directories /share/themes
  chgrp d_font /share/fonts
  chgrp e_install /share/kiwi /etc/kiwi{,/layouts}
  chgrp e_public /etc/profile.d/
  chgrp e_udev /etc/udev/
  find /etc/udev -type d -exec chmod g+s '{}' ';'
