From cda2881cf5e72c4901a0f9d24b3c41f6dd3151f3 Mon Sep 17 00:00:00 2001 From: "luk.lu" Date: Tue, 15 Nov 2022 14:05:27 +0800 Subject: [PATCH] u --- debian-add-user.sh | 1 - debian-config.sh | 10 +++++++--- home-config.sh | 27 +++++++++++++-------------- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/debian-add-user.sh b/debian-add-user.sh index 8720837..694ffb0 100755 --- a/debian-add-user.sh +++ b/debian-add-user.sh @@ -41,7 +41,6 @@ else fi echo -# 注意,由 root 为新用户创建的配置文件的 owner 是 root,而不是新用户 if [ $NewUser = 'adot' ] then source /faronear/fon/sysconfig/home-config.sh /faronear/fon/sysconfig/nixhome $NewUser diff --git a/debian-config.sh b/debian-config.sh index 229834b..13ef8c4 100755 --- a/debian-config.sh +++ b/debian-config.sh @@ -41,14 +41,18 @@ echo "=== Configure root home" source /faronear/fon/sysconfig/home-config.sh /faronear/fon/sysconfig/nixhome echo -echo "=== Change root password" -passwd +echo "=== Change root password? for yes, anything else for omit:" +read -p ">>> " ChangeRootPassword +if [ "$ChangeRootPassword" == 'y' ] +then + passwd +fi echo echo "=== Configure /etc/sudoers" chmod o+w /etc/sudoers #sed -i "s|%sudo\s\+ALL=(ALL:ALL)\sALL|%sudo\tALL=(ALL:ALL) NOPASSWD:ALL|g" /etc/sudoers # allow all users in %sudo group to sudo without password -sed -i "s|#includedir /etc/sudoers.d|includedir /etc/sudoers.d|g" /etc/sudoers # allow users in /etc/sudoers.d/ folder to sudo +sed -i "s|#includedir /etc/sudoers.d|@includedir /etc/sudoers.d|g" /etc/sudoers # allow users in /etc/sudoers.d/ folder to sudo chmod o-w /etc/sudoers echo diff --git a/home-config.sh b/home-config.sh index 467b301..e6fbf9b 100755 --- a/home-config.sh +++ b/home-config.sh 
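Review bot: In debian-config.sh the rewritten `sed -i` edits /etc/sudoers in place with no syntax check, and the `@includedir` form it now writes is only understood by sudo 1.9.1 and later; on an older sudo the file would fail to parse and sudo would stop working. In sudoers `#includedir` is itself the active directive rather than a comment, so the substitution is probably unnecessary wherever that line is present. The surrounding `chmod o+w` / `chmod o-w` pair also leaves the file world-writable while sed runs, which root does not need in order to edit it. I would build the result in a temporary file, check it with `visudo -c -f`, and install it with mode 0440 only when the check passes.

```shell
echo "=== Configure /etc/sudoers"
# … unchanged: commented-out NOPASSWD sed line …
SudoersTmp=$(mktemp)
sed "s|#includedir /etc/sudoers.d|@includedir /etc/sudoers.d|g" /etc/sudoers > "$SudoersTmp"
if visudo -c -f "$SudoersTmp"
then
  install -m 0440 -o root -g root "$SudoersTmp" /etc/sudoers
else
  echo "--- /etc/sudoers left unchanged: edited copy failed the visudo check" >&2
fi
rm -f "$SudoersTmp"
```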
@@ -61,26 +61,25 @@ then echo echo "=== Append or link or omit [.ssh/authorized_keys] to config ssh server? for append, for link, <> for omit:" read -p ">>> " CopyOrLinkOrOmitAuthorizedKeys + + mkdir -p $HomePath/.ssh + chmod 700 $HomePath/.ssh + if [ "$2" ] # 注意,由 root 为新用户创建的配置文件的 owner 是 root,而不是新用户,导致新用户无法读取该文件而密钥登录失败,因此要重设 owner。 + then + chown $2:$2 $HomePath + fi + if [ -e '$HomePath/.ssh/authorized_keys' ] + then + mv $HomePath/.ssh/authorized_keys $HomePath/.ssh/authorized_keys.backup-$(date +%Y%m%d%H%M%S) + fi + if [ "$CopyOrLinkOrOmitAuthorizedKeys" = 'l' ] then echo "--- Linking $SourcePath/authorized_keys to $HomePath/.ssh/authorized_keys ..." - mkdir -p $HomePath/.ssh - chmod 700 $HomePath/.ssh - chown adot:adot .ssh - mv $HomePath/.ssh/authorized_keys $HomePath/.ssh/authorized_keys.backup-$(date +%Y%m%d%H%M%S) ln -s $SourcePath/.ssh/authorized_keys $HomePath/.ssh/authorized_keys elif [ "$CopyOrLinkOrOmitAuthorizedKeys" = 'a' ] then - mkdir -p $HomePath/.ssh - chmod 700 $HomePath/.ssh - if [ "$2" ] - then - chown $2:$2 $HomePath - fi - if [ -L '$HomePath/.ssh/authorized_keys' ] - then - mv $HomePath/.ssh/authorized_keys $HomePath/.ssh/authorized_keys.backup - fi + echo "--- Copying $SourcePath/authorized_keys to $HomePath/.ssh/authorized_keys ..." cat $SourcePath/.ssh/authorized_keys >> $HomePath/.ssh/authorized_keys chmod 600 $HomePath/.ssh/authorized_keys fi
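Review bot: The new backup test `[ -e '$HomePath/.ssh/authorized_keys' ]` is single-quoted, so it checks a literal path and never fires; an existing authorized_keys is then left in place, `ln -s` fails in the link branch, and the append branch writes through a symlink left by an earlier link run. Use `if [ -e "$HomePath/.ssh/authorized_keys" ] || [ -L "$HomePath/.ssh/authorized_keys" ]` so that dangling symlinks are moved aside too. The hoisted `chown $2:$2 $HomePath` covers only the home directory, while the comment beside it is about the new user being unable to read root-created files; .ssh and authorized_keys stay owned by root, so something like `chown -R "$2:$2" "$HomePath/.ssh"` after the file is written looks necessary. The enclosing `if` block starts before this hunk.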