fix(codex): patch all users, not just root — add --all flag and fix macOS UID threshold

- Install script now runs patcher with --all to patch every user's ~/.codex/config.toml - Fix list_users() UID threshold: macOS starts at 500, Linux at 1000 - Fix file ownership: chown config files to the actual user after patching Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 17:54:43 +00:00
parent 128ec80ed0
commit ab6be896bd
2 changed files with 11 additions and 4 deletions
--- a/codex/codex_patcher.py
+++ b/codex/codex_patcher.py
@@ -664,7 +664,8 @@ def list_users():
            home = pw.pw_dir
            if not os.path.isdir(home):
                continue
-            if pw.pw_uid < 1000 and pw.pw_uid != 0:
+            min_uid = 500 if IS_MACOS else 1000
+            if pw.pw_uid < min_uid and pw.pw_uid != 0:
                continue
            if pw.pw_shell in ("/usr/sbin/nologin", "/bin/false"):
                continue
@@ -674,7 +675,7 @@ def list_users():
    return users


-def patch_user(user_home, config):
+def patch_user(user_home, config, uid=None, gid=None):
    """Patch a single user's ~/.codex/ config."""
    codex_dir = os.path.join(user_home, ".codex")
    os.makedirs(codex_dir, exist_ok=True)
@@ -693,6 +694,12 @@ def patch_user(user_home, config):
    with open(config_path, "w", encoding="utf-8") as f:
        f.write(new_content)

+    # Fix ownership so files belong to the user, not root
+    if uid is not None and gid is not None:
+        for path in [codex_dir, config_path, catalog_path]:
+            if os.path.exists(path):
+                os.chown(path, uid, gid)
+
    return True


@@ -741,7 +748,7 @@ def main():
                if user.pw_dir == os.path.expanduser("~"):
                    continue
                try:
-                    patch_user(user.pw_dir, config)
+                    patch_user(user.pw_dir, config, uid=user.pw_uid, gid=user.pw_gid)
                    print(f"  Patched {user.pw_name}: {user.pw_dir}/.codex/config.toml")
                except Exception as e:
                    print(f"  {RED}Failed {user.pw_name}: {e}{RESET}")
--- a/codex/ucodex_install.sh
+++ b/codex/ucodex_install.sh
@@ -179,7 +179,7 @@ curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_patcher.py"
 curl -fsSL -H "Authorization: token ${GITEA_TOKEN}" "$REPO_RAW/codex_config.json" -o "$INSTALL_DIR/codex_config.json"

 info "Applying patches..."
-python3 "$INSTALL_DIR/codex_patcher.py" --apply --config "$INSTALL_DIR/codex_config.json"
+python3 "$INSTALL_DIR/codex_patcher.py" --apply --all --config "$INSTALL_DIR/codex_config.json"
 log "Patches applied"

 # ---- Step 3: Set env vars system-wide ----