diff --git a/codex/ucodex_install.sh b/codex/ucodex_install.sh
index 7491c53..887a307 100755
--- a/codex/ucodex_install.sh
+++ b/codex/ucodex_install.sh
@@ -194,28 +194,29 @@ info "Applying patches..."
 python3 "$INSTALL_DIR/codex_patcher.py" --apply --all --config "$INSTALL_DIR/codex_config.json"
 log "Patches applied"
 
-# Fix ownership: sudo creates files as root, but users need to own their .codex/
+# Fix ownership: sudo creates .codex/ as root, regular users can't read it.
+# Fix SUDO_USER first (the user who actually ran sudo)
 if [ -n "${SUDO_USER:-}" ] && [ "$SUDO_USER" != "root" ]; then
     SUDO_HOME=$(eval echo "~$SUDO_USER")
     if [ -d "$SUDO_HOME/.codex" ]; then
         chown -R "$SUDO_USER" "$SUDO_HOME/.codex"
+        chmod -R u+rwX "$SUDO_HOME/.codex"
         log "Fixed ownership: $SUDO_HOME/.codex -> $SUDO_USER"
     fi
 fi
-# Also fix for all users that were patched by --all
+# Fix ALL user home directories
 if $IS_MACOS; then
-    for udir in /Users/*/.codex; do
-        [ -d "$udir" ] || continue
-        owner=$(stat -f '%Su' "$(dirname "$udir")")
-        chown -R "$owner" "$udir" 2>/dev/null && log "Fixed ownership: $udir -> $owner"
-    done
+    SCAN_DIRS="/Users"
 else
-    for udir in /home/*/.codex; do
-        [ -d "$udir" ] || continue
-        owner=$(stat -c '%U' "$(dirname "$udir")")
-        chown -R "$owner" "$udir" 2>/dev/null && log "Fixed ownership: $udir -> $owner"
-    done
+    SCAN_DIRS="/home"
 fi
+for userdir in $SCAN_DIRS/*/; do
+    [ -d "${userdir}.codex" ] || continue
+    username=$(basename "$userdir")
+    chown -R "$username" "${userdir}.codex" 2>/dev/null || true
+    chmod -R u+rwX "${userdir}.codex" 2>/dev/null || true
+    log "Fixed ownership: ${userdir}.codex -> $username"
+done
 
 # ---- Step 3: Set env vars system-wide ----