diff --git a/scripts/testbed_cron.sh b/scripts/testbed_cron.sh
index 1293b9f..cbff88a 100755
--- a/scripts/testbed_cron.sh
+++ b/scripts/testbed_cron.sh
@@ -1,9 +1,15 @@
-#!/bin/bash
+#!/usr/bin/env bash
 set -ex
 THIS_DIR=$( cd "$( dirname "${BASH_SOURCE[0]:-${(%):-%x}}" )" && pwd )
+check_username() {
+ ( echo $1 | grep -qxE "^[a-z][-a-z0-9_]*\$" ) || return 1
+ return 0
+}
+
 touch_user() {
 test -n "$1"
+ check_username $1 || { echo "Invalid user name $1 !"; exit -1; }
 if id -u $1 1>/dev/null 2>&1; then
 return
 fi
@@ -12,16 +18,11 @@ touch_user() {
 exit 1
 fi
- adduser \
- --shell /bin/bash \
- --disabled-password \
- --home /home/$1 \
- --gecos "nasp member" \
- $1
- usermod -a -G nasp $1
+ useradd -m --groups nasp $1
+ su - $1 -c "true"
 mkdir -p /home2/$1
- chown $1: /home2/$1
+ chown $1:nasp /home2/$1
 }
 update_key() {
@@ -36,17 +37,20 @@ update_key() {
 if [[ ! -d "$dest_dir" ]]; then
 mkdir -p "$dest_dir"
- chown $1:$1 "$dest_dir"
+ chown $1:nasp "$dest_dir"
 chmod 700 "$dest_dir"
 fi
 cat "$tmp_path" > "$dest_path"
 rm "$tmp_path"
- chown $1:$1 "$dest_path"
+ chown $1:nasp "$dest_path"
 chmod 600 "$dest_path"
 }
 main() {
- cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
+ if [ -f /etc/os-release ]; then
+ . /etc/os-release
+ test "$ID" = "nixos" || cp "$THIS_DIR/nasp" "/etc/sudoers.d/nasp"
+ fi
 for file in "$THIS_DIR"/../authorized_keys/* ; do
 if [[ ! -d "$file" ]]; then
 continue
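Review bot: In the first hunk, `check_username $1` passes the name unquoted, so a value containing whitespace is word-split and only its first word is validated, while the remaining words still reach `id`, `useradd`, `su` and `chown` as separate arguments in a script that appears to run with root privileges. Piping through `echo $1 | grep -qx` also matches line by line, so a name with an embedded newline would pass if any single line matches. I would make the function body `[[ $1 =~ ^[a-z][-a-z0-9_]*$ ]]` and call it as `check_username "$1" || { echo "Invalid user name $1 !" >&2; exit 1; }`, since `exit -1` is not a portable status. The same unquoted `$1` appears in the `useradd`, `su` and `chown` lines of the second and third hunks and should be quoted there too; touch_user's body continues outside this hunk.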
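Review bot: In the second hunk, `su - $1 -c "true"` has no comment explaining why a login shell is started for the new account, and under `set -ex` a failure there aborts the run after `useradd` has already succeeded. Because touch_user returns early once `id -u` finds the user, a later run would not go back and create `/home2/$1`, so the account could stay half-provisioned. I would add a comment such as `# start one login session so the home directory is initialised (confirm intent)` and either create `/home2/$1` before the `su` call or let the directory step run for existing users as well. The replaced `adduser` call set `--shell /bin/bash` explicitly, whereas `useradd` now takes the shell from the host defaults, which is worth stating in the same comment. touch_user begins before this hunk.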
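Review bot: In the third hunk, the `cp` into `/etc/sudoers.d` now sits inside `if [ -f /etc/os-release ]`, so a host without that file silently skips installing the sudoers rule, where the old code always installed it. Keeping only the detection conditional avoids that: close the `if` right after `. /etc/os-release` and follow it with `[ "${ID:-}" = nixos ] || cp "$THIS_DIR/nasp" /etc/sudoers.d/nasp`. Sourcing the file in the main shell also brings every variable it defines into the script, so reading `ID` in a subshell, `os_id=$(. /etc/os-release && printf '%s' "$ID")`, would be tidier. Since a malformed drop-in can stop sudo from working, checking the file with `visudo -cf` and installing it with mode 0440 would be a sensible addition. main continues past the end of the hunk.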