Fix hysteria config file permissions

2026-03-26 10:18:59 +08:00
parent ea5655cd96
commit b06337813d
1 changed files with 22 additions and 2 deletions
--- a/hy2.sh
+++ b/hy2.sh
@@ -387,6 +387,27 @@ backup_existing_config() {
  fi
 }

+set_config_permissions() {
+  local service_user service_group
+
+  service_user="$(systemctl show -p User --value "${SERVICE_NAME}" 2>/dev/null || true)"
+  service_user="${service_user//$'\n'/}"
+
+  if [[ -n "${service_user}" && "${service_user}" != "root" ]]; then
+    service_group="$(id -gn "${service_user}" 2>/dev/null || true)"
+    if [[ -n "${service_group}" ]]; then
+      chown root:"${service_group}" "${CONFIG_FILE}"
+      chmod 640 "${CONFIG_FILE}"
+      green "已按服务账户 ${service_user}:${service_group} 设置配置文件权限为 640"
+      return 0
+    fi
+  fi
+
+  chown root:root "${CONFIG_FILE}"
+  chmod 644 "${CONFIG_FILE}"
+  yellow "未识别到可用的服务账户组，已回退为 root:root 且权限 644"
+}
+
 render_userpass_block() {
  local indent="${1:-4}"
  local prefix="" entry username password
@@ -493,8 +514,7 @@ write_config() {

  render_config "$domain" "$email" "$cf_token" "$proxy_url" > "${CONFIG_FILE}"

-  chown root:root "${CONFIG_FILE}"
-  chmod 600 "${CONFIG_FILE}"
+  set_config_permissions
  green "配置已写入 ${CONFIG_FILE}"
 }