From b51ad0d893a9e59c45c20b74373236326875e527 Mon Sep 17 00:00:00 2001
From: shaw <shaw-wei@foxmail.com>
Date: Thu, 18 Dec 2025 19:17:05 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20sudoers=20=E4=B8=AD?=
 =?UTF-8?q?=20systemctl=20=E8=B7=AF=E5=BE=84=E4=B8=8D=E5=85=BC=E5=AE=B9?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

问题原因：
- sudoers 只配置了 /bin/systemctl 路径
- 部分系统（如 Ubuntu 22.04+）的 systemctl 位于 /usr/bin/systemctl
- 路径不匹配导致 sudo 仍然需要密码

修复内容：
- 同时支持 /bin/systemctl 和 /usr/bin/systemctl 两个路径
- 兼容 Debian/Ubuntu 和 RHEL/CentOS 等不同发行版
---
 deploy/install.sh      | 4 ++++
 deploy/sub2api-sudoers | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/deploy/install.sh b/deploy/install.sh
index eb5ddbe2..94fc7849 100644
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -530,11 +530,15 @@ setup_sudoers() {
         cp "$INSTALL_DIR/sub2api-sudoers" /etc/sudoers.d/sub2api
     else
         # Create sudoers file
+        # Support both /bin/systemctl and /usr/bin/systemctl for different distros
         cat > /etc/sudoers.d/sub2api << 'EOF'
 # Sudoers configuration for Sub2API
 sub2api ALL=(ALL) NOPASSWD: /bin/systemctl restart sub2api
 sub2api ALL=(ALL) NOPASSWD: /bin/systemctl stop sub2api
 sub2api ALL=(ALL) NOPASSWD: /bin/systemctl start sub2api
+sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart sub2api
+sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop sub2api
+sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl start sub2api
 EOF
     fi
 
diff --git a/deploy/sub2api-sudoers b/deploy/sub2api-sudoers
index 8ce6da2c..fdd5400f 100644
--- a/deploy/sub2api-sudoers
+++ b/deploy/sub2api-sudoers
@@ -8,6 +8,10 @@
 # SECURITY NOTE: This grants limited sudo access only for service management
 
 # Allow sub2api user to restart the service without password
+# Support both /bin/systemctl (Debian/Ubuntu) and /usr/bin/systemctl (RHEL/CentOS)
 sub2api ALL=(ALL) NOPASSWD: /bin/systemctl restart sub2api
 sub2api ALL=(ALL) NOPASSWD: /bin/systemctl stop sub2api
 sub2api ALL=(ALL) NOPASSWD: /bin/systemctl start sub2api
+sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart sub2api
+sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop sub2api
+sub2api ALL=(ALL) NOPASSWD: /usr/bin/systemctl start sub2api