45 lines
1.2 KiB
Bash
45 lines
1.2 KiB
Bash
|
#!/bin/sh
|
|||
|
|
set -e
|
|||
|
|
|
|||
|
|
# ======================================================
|
|||
|
|
# 飞牛 NAS 安装公钥 & 修复权限 & 添加 sudo NOPASSWD(避免重复)
|
|||
|
|
# ======================================================
|
|||
|
|
|
|||
|
|
USER_NAME="$1"
|
|||
|
|
PUB_KEY_PATH="$2"
|
|||
|
|
|
|||
|
|
if [ -z "$USER_NAME" ] || [ -z "$PUB_KEY_PATH" ]; then
|
|||
|
|
echo "用法: $0 <用户名> <公钥文件路径>"
|
|||
|
|
exit 1
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
HOME_DIR="/home/$USER_NAME"
|
|||
|
|
SSH_DIR="$HOME_DIR/.ssh"
|
|||
|
|
AUTH_KEYS="$SSH_DIR/authorized_keys"
|
|||
|
|
|
|||
|
|
# ===== 安装公钥 =====
|
|||
|
|
mkdir -p "$SSH_DIR"
|
|||
|
|
cp -f "$PUB_KEY_PATH" "$AUTH_KEYS"
|
|||
|
|
|
|||
|
|
# 修复权限
|
|||
|
|
chown "$USER_NAME" "$HOME_DIR" "$SSH_DIR" "$AUTH_KEYS"
|
|||
|
|
chmod 700 "$SSH_DIR"
|
|||
|
|
chmod 600 "$AUTH_KEYS"
|
|||
|
|
|
|||
|
|
echo "✅ 公钥已安装并权限修复完成"
|
|||
|
|
|
|||
|
|
# ===== 配置 sudoers NOPASSWD =====
|
|||
|
|
SUDO_FILE="/etc/sudoers.d/${USER_NAME}_poweroff"
|
|||
|
|
SUDO_RULE="$USER_NAME ALL=(root) NOPASSWD:/usr/bin/systemctl poweroff"
|
|||
|
|
|
|||
|
|
# 如果文件不存在或者文件内容不同,则写入
|
|||
|
|
if [ ! -f "$SUDO_FILE" ] || ! grep -Fxq "$SUDO_RULE" "$SUDO_FILE"; then
|
|||
|
|
echo "$SUDO_RULE" > "$SUDO_FILE"
|
|||
|
|
chmod 440 "$SUDO_FILE"
|
|||
|
|
echo "✅ sudoers 已添加 NOPASSWD 规则 ($SUDO_FILE)"
|
|||
|
|
else
|
|||
|
|
echo "⚠️ sudoers NOPASSWD 规则已存在,无需重复添加"
|
|||
|
|
fi
|
|||
|
|
|
|||
|
|
echo "可以测试: ssh $USER_NAME@NAS_IP 'sudo -n /usr/bin/systemctl poweroff'"
|