From c7137bd8c7634d03d41deda18c0dd8b37a35a774 Mon Sep 17 00:00:00 2001
From: David Kwon <dakwon@redhat.com>
Date: Thu, 2 Oct 2025 15:17:31 -0400
Subject: [PATCH] fix: remove group write permissions for /etc/passwd

Signed-off-by: David Kwon <dakwon@redhat.com>
---
 build/bin/user_setup | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/build/bin/user_setup b/build/bin/user_setup
index 1e36064..2616a75 100755
--- a/build/bin/user_setup
+++ b/build/bin/user_setup
@@ -6,8 +6,7 @@ mkdir -p ${HOME}
 chown ${USER_UID}:0 ${HOME}
 chmod ug+rwx ${HOME}
 
-# runtime user will need to be able to self-insert in /etc/passwd
-chmod g+rw /etc/passwd
+chmod g-w /etc/passwd
 
 # no need for this script to remain in the image after running
 rm $0