Skip to content

fix: allow group-writable files and root-owned system files in safe_source #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
maxrantil merged 2 commits into from
Nov 23, 2025
Merged

fix: allow group-writable files and root-owned system files in safe_source #77

maxrantil merged 2 commits into from
Nov 23, 2025

Conversation

@maxrantil
Copy link
Owner

@maxrantil maxrantil commented Nov 23, 2025

Summary

  • Fixes permission check to allow 664 (group-writable) files
  • Allows root-owned system files in /usr/share/ (zsh plugins)

Fixes #76

Problem

The safe_source function was too restrictive:

  1. Rejected files with permission 664 (group-readable/writable) because 664 > 644
  2. Rejected root-owned system files, breaking apt-installed zsh plugins

Changes

Permission check (line 72-80):

  • Old: Rejected anything > 644 or ending in 2,3,6,7
  • New: Only rejects world-writable (last digit 2,3,6,7) or > 775

Ownership check (line 52-60):

  • Old: Required file to be owned by current user
  • New: Also allows root-owned files in /usr/share/*

Test plan

  • Verified 644, 664, 755, 775 are accepted
  • Verified 666, 777, 646, 776 are rejected
  • Verified root-owned /usr/share/* files are accepted
  • Verified other root-owned files outside /usr/share are rejected
  • Test on fresh VM provisioning

@maxrantil
fix: allow group-writable files and root-owned system files in safe_s…
ca0ada8 
…ource

Fixes #76

The safe_source function was too restrictive:
1. Rejected files with permission 664 (group-writable) even though
   this is a common and safe permission for dotfiles
2. Rejected root-owned system files in /usr/share/, breaking
   zsh-syntax-highlighting and zsh-autosuggestions

Changes:
- Permission check now allows up to 775, only rejects world-writable
  (permissions ending in 2, 3, 6, 7 for the "other" field)
- Ownership check now allows root-owned files in /usr/share/*

This fixes aliases and zsh plugins not loading on freshly provisioned VMs.
@maxrantil maxrantil merged commit 33ad3c7 into master Nov 23, 2025
13 checks passed
@maxrantil maxrantil deleted the fix/issue-76-safe-source-permissions branch November 23, 2025 19:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

safe_source rejects valid file permissions (664) and root-owned system files

2 participants

@maxrantil