From c8c56b58b7434a868fd350610bdcc20d58c99abe Mon Sep 17 00:00:00 2001
From: delta-cloud-208e <delta-cloud-208e@device.local>
Date: Tue, 10 Mar 2026 18:34:22 +0000
Subject: [PATCH] fix(codex): force chown+chmod on all user .codex dirs after
 install
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previous chown was unreliable — stat-based owner detection, missing
chmod, SUDO_USER edge cases. Now: simple loop over /Users/* (macOS)
or /home/* (Linux), chown -R + chmod -R u+rwX for each.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 codex/ucodex_install.sh | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/codex/ucodex_install.sh b/codex/ucodex_install.sh
index 7491c53..887a307 100755
--- a/codex/ucodex_install.sh
+++ b/codex/ucodex_install.sh
@@ -194,28 +194,29 @@ info "Applying patches..."
 python3 "$INSTALL_DIR/codex_patcher.py" --apply --all --config "$INSTALL_DIR/codex_config.json"
 log "Patches applied"
 
-# Fix ownership: sudo creates files as root, but users need to own their .codex/
+# Fix ownership: sudo creates .codex/ as root, regular users can't read it.
+# Fix SUDO_USER first (the user who actually ran sudo)
 if [ -n "${SUDO_USER:-}" ] && [ "$SUDO_USER" != "root" ]; then
     SUDO_HOME=$(eval echo "~$SUDO_USER")
     if [ -d "$SUDO_HOME/.codex" ]; then
         chown -R "$SUDO_USER" "$SUDO_HOME/.codex"
+        chmod -R u+rwX "$SUDO_HOME/.codex"
         log "Fixed ownership: $SUDO_HOME/.codex -> $SUDO_USER"
     fi
 fi
-# Also fix for all users that were patched by --all
+# Fix ALL user home directories
 if $IS_MACOS; then
-    for udir in /Users/*/.codex; do
-        [ -d "$udir" ] || continue
-        owner=$(stat -f '%Su' "$(dirname "$udir")")
-        chown -R "$owner" "$udir" 2>/dev/null && log "Fixed ownership: $udir -> $owner"
-    done
+    SCAN_DIRS="/Users"
 else
-    for udir in /home/*/.codex; do
-        [ -d "$udir" ] || continue
-        owner=$(stat -c '%U' "$(dirname "$udir")")
-        chown -R "$owner" "$udir" 2>/dev/null && log "Fixed ownership: $udir -> $owner"
-    done
+    SCAN_DIRS="/home"
 fi
+for userdir in $SCAN_DIRS/*/; do
+    [ -d "${userdir}.codex" ] || continue
+    username=$(basename "$userdir")
+    chown -R "$username" "${userdir}.codex" 2>/dev/null || true
+    chmod -R u+rwX "${userdir}.codex" 2>/dev/null || true
+    log "Fixed ownership: ${userdir}.codex -> $username"
+done
 
 # ---- Step 3: Set env vars system-wide ----