fix: use --allow-bad-names for dotted usernames, configure passwordless sudo

2026-04-12 13:32:08 +08:00 · 2026-04-12 13:32:08 +08:00 · bd6556768d
commit bd6556768d
parent 0ab0e12b05
1 changed files with 7 additions and 3 deletions
--- a/setup-cf-browser-ssh.sh
+++ b/setup-cf-browser-ssh.sh
@ -465,9 +465,13 @@ create_login_user() {
  fi

  info "创建用户 '$user'（无密码，仅证书登录）..."
-  adduser --disabled-password --gecos "" "$user"
-  usermod -aG sudo "$user"
-  info "用户 '$user' 已创建并加入 sudo 组 ✓"
+  adduser --disabled-password --gecos "" --allow-bad-names "$user"
+
+  # 配置免密 sudo（证书用户没有密码，普通 sudo 组会要求输入密码）
+  local sudoers_file="/etc/sudoers.d/${user//[^a-zA-Z0-9_-]/-}"
+  echo "$user ALL=(ALL) NOPASSWD:ALL" > "$sudoers_file"
+  chmod 440 "$sudoers_file"
+  info "用户 '$user' 已创建，免密 sudo 已配置 ✓"
 }

 # ----- 打印后续手工步骤 -----