Francis Morkeh Mensah

Automating Linux User Creation with a Bash Script

In a growing IT company, managing user accounts and groups manually can be time-consuming and error-prone. To streamline this process, we can use a bash script to automate the creation of users, groups, and their respective permissions. In this article, we'll walk through a bash script that reads a text file containing usernames and group names, creates the users and groups as specified, sets up home directories with appropriate permissions, generates random passwords, and logs all actions. Additionally, we'll securely store the generated passwords.

The Script

Here's the bash script, create_users.sh, which accomplishes the above tasks:

#!/bin/bash

# Check if the user has provided a file name
if [ $# -eq 0 ]; then
    echo "Usage: $0 <name-of-text-file>"
    exit 1
fi

input_file=$1

# Ensure the input file exists
if [ ! -f "$input_file" ]; then
    echo "File $input_file does not exist."
    exit 1
fi

# Log and password file paths
log_file="/var/log/user_management.log"
password_file="/var/secure/user_passwords.csv"

# Ensure /var/secure directory exists
mkdir -p /var/secure
chmod 700 /var/secure

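# Ensure the log file exists
touch "$log_file"

# Start logging
echo "User creation process started at $(date)" >> "$log_file"

# Ensure the password file exists, is empty, and is readable only by root
# before any password is written to it
: > "$password_file"
chmod 600 "$password_file"
echo "username,password" > "$password_file"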

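# Process each line of the input file (including a last line with no trailing newline)
while IFS=';' read -r username groups || [ -n "$username" ]; do
    # Remove whitespace
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)

    # Skip blank lines
    [ -z "$username" ] && continue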

    # Check if user already exists
    if id "$username" &>/dev/null; then
        echo "User $username already exists. Skipping..." >> $log_file
        continue
    fi

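    # Create user and user's primary group; log success only if useradd succeeded
    if ! useradd -m -s /bin/bash "$username"; then
        echo "Failed to create user $username. Skipping..." >> "$log_file"
        continue
    fi
    echo "Created user $username" >> "$log_file"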

    # Create and assign secondary groups
    IFS=',' read -ra group_list <<< "$groups"
    for group in "${group_list[@]}"; do
        group=$(echo "$group" | xargs)
        # Skip empty entries such as the gap in "a,,b"
        [ -z "$group" ] && continue
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            echo "Created group $group" >> $log_file
        fi
        usermod -aG "$group" "$username"
        echo "Added user $username to group $group" >> $log_file
    done

    # Generate a random password
    password=$(openssl rand -base64 12)
    echo "$username:$password" | chpasswd
    echo "$username,$password" >> $password_file

    # Set permissions for user's home directory
    chmod 700 "/home/$username"
    chown "$username:$username" "/home/$username"
    echo "Set permissions for /home/$username" >> "$log_file"

done < "$input_file"

# Secure the password file
chmod 600 "$password_file"
chown root:root "$password_file"

echo "User creation process completed at $(date)" >> $log_file

How It Works

  1. Input Validation:

    • The script begins by checking if a filename is provided as an argument. If not, it exits with a usage message.
    • It then verifies if the provided file exists. If the file is missing, it exits with an error message.
  2. Setting Up Log and Password Files:

    • The script defines paths for the log file (/var/log/user_management.log) and the password file (/var/secure/user_passwords.csv).
    • It ensures the /var/secure directory exists and has the correct permissions.
    • It ensures the log file exists and initializes the password file with a header.
  3. Processing Each User:

    • For each line in the input file, the script reads the username and groups, removing any extra whitespace.
    • It checks if the user already exists and logs a message if so, skipping further actions for that user.
    • If the user doesn't exist, the script creates the user and their primary group.
    • It then processes any additional groups, creating them if they don't exist, and adds the user to these groups.
    • A random password is generated, assigned to the user, and stored in the password file.
    • The script sets appropriate permissions for the user's home directory.
  4. Securing the Password File:

    • After processing all users, the script sets strict permissions on the password file to ensure only the root user can read it.

Example Input File

Here’s an example of what the input file (user_list.txt) might look like for an IT company:

alice; sudo,developers,sysadmins
bob; developers,qa
charlie; sysadmins,network,backup
david; qa,testers
eve; developers,security
frank; security,network
grace; backup,storage
heidi; testers,qa
ivan; developers,network
judy; sysadmins,security
karen; storage,backup
leo; testers,developers
mike; qa,developers
nancy; security,sysadmins
oliver; network,backup
peggy; developers,sysadmins
quentin; qa,security
rachel; testers,backup
steve; developers,network
trudy; security,sysadmins
ursula; storage,backup
victor; qa,testers
wendy; developers,network
xander; sysadmins,security
yvonne; backup,storage
zach; developers,qa
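
A read-only pre-flight check for an input file in this format, added here as an example and not part of the original script: it validates every username and group name before anything is handed to useradd or groupadd as root, and reports duplicate users and memberships in privileged groups such as sudo (as on the alice line). The name pattern, the privileged-group list, and the function names lint_user_file and trim are assumptions.

```bash
#!/bin/bash
# Read-only pre-flight lint for a "username; group1,group2" file. Creates nothing.
# Assumptions (not from the article): NAME_RE and PRIVILEGED_GROUPS below.
NAME_RE='^[a-z_][a-z0-9_-]{0,31}$'   # rejects spaces, uppercase, and a leading "-" (parsed as an option)
PRIVILEGED_GROUPS=" sudo wheel root adm docker "

# Strip leading/trailing whitespace without word splitting or globbing.
trim() {
    local s=$1
    s="${s#"${s%%[![:space:]]*}"}"
    s="${s%"${s##*[![:space:]]}"}"
    printf '%s' "$s"
}

# Print findings as "<line>:<severity>:<message>"; return 1 if any ERROR was found.
lint_user_file() {
    local LC_ALL=C                    # make [a-z] mean ASCII lowercase only
    local file=$1 lineno=0 rc=0 username groups group seen=" "
    local -a group_list
    while IFS=';' read -r username groups || [ -n "$username" ]; do
        lineno=$((lineno + 1))
        username=$(trim "$username")
        [ -z "$username" ] && continue                     # blank line
        if [[ ! $username =~ $NAME_RE ]]; then
            echo "$lineno:ERROR:invalid username '$username'"; rc=1; continue
        fi
        if [[ $seen == *" $username "* ]]; then
            echo "$lineno:ERROR:duplicate username '$username'"; rc=1; continue
        fi
        seen+="$username "
        IFS=',' read -ra group_list <<< "$groups"
        for group in "${group_list[@]}"; do
            group=$(trim "$group")
            [ -z "$group" ] && continue
            if [[ ! $group =~ $NAME_RE ]]; then
                echo "$lineno:ERROR:invalid group '$group' for '$username'"; rc=1
            elif [[ $PRIVILEGED_GROUPS == *" $group "* ]]; then
                echo "$lineno:WARN:'$username' would join privileged group '$group'"
            fi
        done
    done < "$file"
    return "$rc"
}

# Constructed sample input; the first two lines match the article's example file.
sample=$(mktemp)
printf '%s\n' 'alice; sudo,developers,sysadmins' 'bob; developers,qa' \
    '-rf; developers' 'bob; qa' 'carol; dev ops,qa' > "$sample"
lint_user_file "$sample" || echo "input file rejected: fix ERROR lines before running as root"
rm -f "$sample"
```

WARN lines do not change the exit status; they mark entries to review by hand before the file is run through create_users.sh.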

Running the Script

  1. Clone the Repository:

    git clone https://github.com/Francismensah/HNG-11-Internship--DevOps-Track.git
    cd HNG-11-Internship--DevOps-Track/Stage-1-Task
    
  2. Ensure the Script is Executable:

    chmod +x create_users.sh
    
  3. Run the Script with the Input File:

    sudo bash create_users.sh user_list.txt
    

Logging and Output

  • Log File: /var/log/user_management.log contains a log of all actions performed by the script.
  • Password File: /var/secure/user_passwords.csv contains a list of all users and their passwords, delimited by commas.

Conclusion

Automating user and group creation in Linux can significantly reduce the administrative overhead and minimize errors. This bash script simplifies the process, ensuring that users and groups are created with the correct permissions and that actions are securely logged.

For more detailed information on how to manage users and groups in Linux, you can refer to the HNG Internship and HNG Hire websites.

If you have any questions or feedback, feel free to leave a comment below. Happy scripting!

