fixing permission bits for 'ADD root /'

Open praiskup opened this issue 8 years ago • 1 comments

I recently set 'umask 0077' on my box. This causes 'git clone' to produce a lot of files and directories with at most rwx------ permissions, which is desired (for me, as I consider this to be a rather safe default on a multi-user box, while I also need to have 'o+x' on my home directory).

When the image is then built on such a box, the Dockerfile instruction ADD root / causes (for example) the /usr directory to have drwx------ root root permissions and, for all users except root, we are unable to execve() any file within /usr/bin/... That results in magic error messages for any command executed after the USER 26 instruction.

This shouldn't be an immediate issue, but ATM the permissions under root are rather not precisely defined. And I'm thinking about writing a pull request for hack/build.sh or fix-permissions explicitly ensuring that (some important) files/directories under the root git directories have explicit permissions, while others have 755 (directories), 644 (regular files without the execute bit held by git) and 755 (executable files).

Also, it could be considered good policy to re-install the filesystem package right before the yum clean all call, which re-sets the permissions for some important system directories according to defaults.

WDYT?

praiskup, Sep 06 '16 06:09
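A sketch of the pre-build normalization proposed in the issue above, as an added example that is not code from hack/build.sh, fix-permissions, or the issue author. The function names `normalize_tree_perms` and `count_restrictive` are hypothetical, and the script assumes it is run by the owner of the checkout before `ADD root /` is executed.

```shell
#!/bin/sh
# Added example: names are hypothetical, not part of the project's scripts.
# Usage in a build script (assumed layout): normalize_tree_perms ./root

# count_restrictive DIR
# Print how many entries a non-root user (e.g. after `USER 26`) could not
# traverse or read: directories missing o+rx, regular files missing o+r.
count_restrictive() {
    {
        find "$1" -type d ! -perm -005
        find "$1" -type f ! -perm -004
    } | wc -l | tr -d ' '
}

# normalize_tree_perms DIR
# Reset modes under DIR to values that do not depend on the builder's umask:
#   directories                                   -> 0755
#   regular files with the owner execute bit set  -> 0755
#   all other regular files                       -> 0644
# Git records only the execute bit, so the owner bit survives 'umask 0077'
# and is enough to tell executables from plain files.
normalize_tree_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # -type d / -type f never match symlinks, so targets outside DIR are untouched.
    find "$dir" -type d -exec chmod 0755 {} + &&
    find "$dir" -type f -perm -100 -exec chmod 0755 {} + &&
    find "$dir" -type f ! -perm -100 -exec chmod 0644 {} +
}
```

Running `count_restrictive` before the build and failing when it prints a non-zero value turns the "magic error messages" into an explicit build-time check.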

Some parts might have been already fixed by the accidental use of umask 0077 in rhel8 CI (https://github.com/sclorg/container-common-scripts/issues/119)

Will need to revisit properly, but low priority for now

pkubatrh, Oct 04 '19 13:10