In a narrative exploring the evolution of file management and security issues in modern computing, a team grapples with challenges related to file permissions in Docker containers managed by Buildkite agents on AWS EC2 instances. Initially, they employ a Bash script with sudo permissions to correct file ownership issues, but this approach is plagued by inefficiencies and vulnerabilities, including the potential for symlink exploitation. Despite attempts to safeguard the process through checks and potential use of chroot jails, security concerns persist due to TOCTOU (time-of-check to time-of-use) vulnerabilities, highlighting the difficulty of securely managing file permissions with untrusted inputs. Ultimately, they discover a solution in the form of the Linux kernel's openat2 system call, which allows for secure path resolution by ensuring subpaths are free of symlinks, akin to a per-open-call chroot jail, and propose implementing a custom recursive chown using this technique to mitigate the security risks.
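The recursive chown proposed above could look like the following sketch, which is an added example and not code from the narrative. The function names `open_beneath`, `chown_dirfd` and `chown_tree` and the choice of `RESOLVE_BENEATH | RESOLVE_NO_SYMLINKS` are assumptions, and it needs Linux 5.6 or later for `openat2`.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <linux/openat2.h> /* struct open_how, RESOLVE_* (Linux >= 5.6) */
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Open path under dirfd. The kernel fails the lookup with ELOOP if any
 * component is a symlink and with EXDEV if it would leave dirfd. */
static int open_beneath(int dirfd, const char *path, int flags) {
    struct open_how how = { .flags = (__u64)(flags | O_CLOEXEC),
                            .resolve = RESOLVE_BENEATH | RESOLVE_NO_SYMLINKS };
    return (int)syscall(SYS_openat2, dirfd, path, &how, sizeof(how));
}

/* chown the directory behind fd and all entries below it; consumes fd.
 * Returns the number of objects changed, or -1 on the first error. */
static long chown_dirfd(int fd, uid_t uid, gid_t gid) {
    DIR *d = fdopendir(fd);
    if (!d) { close(fd); return -1; }
    long n = fchown(fd, uid, gid) == 0 ? 1 : -1;
    for (struct dirent *e; n > 0 && (e = readdir(d)) != NULL; ) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        long r = -1;
        int sub = open_beneath(fd, e->d_name, O_RDONLY | O_DIRECTORY);
        if (sub >= 0)
            r = chown_dirfd(sub, uid, gid);
        else if (errno == ENOTDIR || errno == ELOOP) /* non-directory or symlink */
            r = fchownat(fd, e->d_name, uid, gid, AT_SYMLINK_NOFOLLOW) ? -1 : 1;
        n = r < 0 ? -1 : n + r;
    }
    closedir(d); /* also closes fd */
    return n;
}

/* basefd: trusted root; relpath: untrusted path below it (assumed names). */
static long chown_tree(int basefd, const char *relpath, uid_t uid, gid_t gid) {
    int fd = open_beneath(basefd, relpath, O_RDONLY | O_DIRECTORY);
    return fd < 0 ? -1 : chown_dirfd(fd, uid, gid);
}

int main(int argc, char **argv) { /* demo: prog BASE RELPATH, uses caller's ids */
    if (argc != 3) return EXIT_FAILURE;
    int base = open(argv[1], O_RDONLY | O_DIRECTORY);
    return chown_tree(base, argv[2], geteuid(), getegid()) < 0;
}
```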