From 4eb22d8ee9ea342e43c7e71dbea7ab0441b5288e Mon Sep 17 00:00:00 2001
From: shaw <shaw-wei@foxmail.com>
Date: Thu, 18 Dec 2025 19:07:33 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=9C=8D=E5=8A=A1?=
 =?UTF-8?q?=E7=94=A8=E6=88=B7=20shell=20=E5=AF=BC=E8=87=B4=E6=97=A0?=
 =?UTF-8?q?=E6=B3=95=E6=89=A7=E8=A1=8C=20sudo=20=E9=87=8D=E5=90=AF?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

问题原因：
- 服务用户 sub2api 的 shell 被设置为 /bin/false
- 导致无法执行 sudo systemctl restart 命令
- 安装/升级后服务无法自动重启

修复内容：
- 新安装时使用 /bin/sh 替代 /bin/false
- 升级时自动检测并修复旧版本用户的 shell 配置
- 修复失败时给出警告和手动修复命令，不中断安装流程
---
 .gitignore        |  3 ++-
 deploy/install.sh | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 8c5b8302..d9345a80 100644
--- a/.gitignore
+++ b/.gitignore
@@ -91,4 +91,5 @@ backend/data/
 # ===================
 tests
 CLAUDE.md
-.claude
\ No newline at end of file
+.claude
+scripts
\ No newline at end of file
diff --git a/deploy/install.sh b/deploy/install.sh
index 948fa515..eb5ddbe2 100644
--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -483,9 +483,24 @@ download_and_extract() {
 create_user() {
     if id "$SERVICE_USER" &>/dev/null; then
         print_info "$(msg 'user_exists'): $SERVICE_USER"
+        # Fix: Ensure existing user has /bin/sh shell for sudo to work
+        # Previous versions used /bin/false which prevents sudo execution
+        local current_shell
+        current_shell=$(getent passwd "$SERVICE_USER" 2>/dev/null | cut -d: -f7)
+        if [ "$current_shell" = "/bin/false" ] || [ "$current_shell" = "/sbin/nologin" ]; then
+            print_info "Fixing user shell for sudo compatibility..."
+            if usermod -s /bin/sh "$SERVICE_USER" 2>/dev/null; then
+                print_success "User shell updated to /bin/sh"
+            else
+                print_warning "Failed to update user shell. Service restart may not work automatically."
+                print_warning "Manual fix: sudo usermod -s /bin/sh $SERVICE_USER"
+            fi
+        fi
     else
         print_info "$(msg 'creating_user') $SERVICE_USER..."
-        useradd -r -s /bin/false -d "$INSTALL_DIR" "$SERVICE_USER"
+        # Use /bin/sh instead of /bin/false to allow sudo execution
+        # The user still cannot login interactively (no password set)
+        useradd -r -s /bin/sh -d "$INSTALL_DIR" "$SERVICE_USER"
         print_success "$(msg 'user_created')"
     fi
 }