Managing user accounts and groups on a Linux system can often become cumbersome, especially in dynamic environments where frequent updates are necessary. Automating these tasks not only simplifies the process but also ensures consistency and efficiency. In this article, we'll explore how to implement a Bash script that automates user creation, group management, and password generation, while also logging all activities for auditing purposes.
Script Overview
The Bash script create_users.sh is designed to read user and group information from a text file, create new users with specified groups, set up their home directories securely, generate random passwords, and maintain a detailed log of actions performed. This approach ensures systematic user management and enhances system security.
Script Breakdown
Below is the complete create_users.sh script, followed by a detailed explanation of its key components:
Bash Script for User and Group Management
This Bash script automates the creation of users and groups on a Linux system, ensuring proper permissions and logging actions for auditing purposes.
Script Overview
The script create_users.sh performs the following tasks:
#!/bin/bash
# Ensure the script is run with root privileges
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
# Log file path
LOG_FILE="/var/log/user_management.log"
# Password storage file path
PASSWORD_FILE="/var/secure/user_passwords.csv"
# Create secure directory for passwords if it doesn't exist
mkdir -p /var/secure
chmod 700 /var/secure
# Function to create groups
create_groups() {
local groups="$1"
IFS=',' read -r -a group_array <<< "$groups"
for group in "${group_array[@]}"; do
group=$(echo "$group" | xargs) # Remove leading/trailing whitespace
if [ ! -z "$group" ]; then
if ! getent group "$group" > /dev/null; then
groupadd "$group"
echo "Group '$group' created." | tee -a "$LOG_FILE"
fi
fi
done
}
# Function to create user and group
create_user() {
local username="$1"
local groups="$2"
# Create user group if it doesn't exist
if ! getent group "$username" > /dev/null; then
groupadd "$username"
echo "Group '$username' created." | tee -a "$LOG_FILE"
fi
# Create the additional groups
create_groups "$groups"
# Create user with personal group and home directory if user doesn't exist
if ! id "$username" > /dev/null 2>&1; then
useradd -m -g "$username" -G "$groups" "$username"
echo "User '$username' created with groups '$groups'." | tee -a "$LOG_FILE"
# Set home directory permissions
chmod 700 "/home/$username"
chown "$username:$username" "/home/$username"
# Generate random password
password=$(openssl rand -base64 12)
echo "$username:$password" | chpasswd
echo "$username,$password" >> "$PASSWORD_FILE"
else
echo "User '$username' already exists." | tee -a "$LOG_FILE"
fi
}
# Read the input file
input_file="$1"
if [ -z "$input_file" ]; then
echo "Usage: $0 <name-of-text-file>"
exit 1
fi
# Ensure the input file exists
if [ ! -f "$input_file" ]; then
echo "File '$input_file' not found!"
exit 1
fi
# Process each line of the input file
while IFS=';' read -r user groups; do
user=$(echo "$user" | xargs) # Remove leading/trailing whitespace
groups=$(echo "$groups" | xargs) # Remove leading/trailing whitespace
if [ ! -z "$user" ]; then
create_user "$user" "$groups"
fi
done < "$input_file"
# Set permissions for password file
chmod 600 "$PASSWORD_FILE"
echo "User creation process completed." | tee -a "$LOG_FILE"
Detailed Explanation
Ensuring Root Privileges
The script starts by checking if it is being run with root privileges, as creating users and modifying system files require administrative rights.
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
Setting Up Log and Password Files
The script defines paths for the log file and the password storage file. It then creates a secure directory for storing passwords and ensures it has the correct permissions.
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"
mkdir -p /var/secure
chmod 700 /var/secure
Function to Create Groups
The create_groups function takes a comma-separated list of groups and creates each group if it does not already exist. It also logs the creation of each group.
create_groups() {
local groups="$1"
IFS=',' read -r -a group_array <<< "$groups"
for group in "${group_array[@]}"; do
group=$(echo "$group" | xargs)
if [ ! -z "$group" ]; then
if ! getent group "$group" > /dev/null; then
groupadd "$group"
echo "Group '$group' created." | tee -a "$LOG_FILE"
fi
fi
done
}
Function to Create Users and Groups
The create_user function handles the creation of the user and their primary group, as well as any additional groups. It sets up the user's home directory, assigns appropriate permissions, and generates a random password for the user.
create_user() {
local username="$1"
local groups="$2"
if ! getent group "$username" > /dev/null; then
groupadd "$username"
echo "Group '$username' created." | tee -a "$LOG_FILE"
fi
create_groups "$groups"
if ! id "$username" > /dev/null 2>&1; then
useradd -m -g "$username" -G "$groups" "$username"
echo "User '$username' created with groups '$groups'." | tee -a "$LOG_FILE"
chmod 700 "/home/$username"
chown "$username:$username" "/home/$username"
password=$(openssl rand -base64 12)
echo "$username:$password" | chpasswd
echo "$username,$password" >> "$PASSWORD_FILE"
else
echo "User '$username' already exists." | tee -a "$LOG_FILE"
fi
}
Processing the Input File
The script reads the input file provided as a command-line argument. Each line of the file is expected to contain a username and a list of groups separated by a semicolon. The script processes each line, removing any leading or trailing whitespace, and calls the create_user function.
input_file="$1"
if [ -z "$input_file" ]; then
echo "Usage: $0 <name-of-text-file>"
exit 1
fi
if [ ! -f "$input_file" ]; then
echo "File '$input_file' not found!"
exit 1
fi
while IFS=';' read -r user groups; do
user=$(echo "$user" | xargs)
groups=$(echo "$groups" | xargs)
if [ ! -z "$user" ]; then
create_user "$user" "$groups"
fi
done < "$input_file"
##
Finalizing Permissions
Finally, the script ensures that the password file has the correct permissions, making it readable only by the root user.
chmod 600 "$PASSWORD_FILE"
echo "User creation process completed." | tee -a "$LOG_FILE"
Running the Script
To run the create_users.sh script, follow these steps:
1.Create the Input File:Prepare a text file with usernames and groups. Each line should contain a username followed by a semicolon and a comma-separated list of groups. For example:
ajayi;admins,developers
okhuomon;users,admins
2.Make the Script Executable: Ensure the script has executable permissions.
chmod +x create_users.sh
3.*Run the Script with Root Privileges: * Execute the script, passing the path to the input file as an argument.
sudo ./create_users.sh /path/to/input_file.txt
Conclusion
This script offers a powerful solution for automating user and group management on Linux systems. It ensures thorough logging for auditing and securely stores generated passwords. By leveraging and customizing this script, you can streamline user management tasks, ensuring efficiency and consistency tailored to your specific requirements.
For more details on the HNG Internship and how to apply, visit HNG Internship and embark on your journey of growth and innovation, Also if you wish to expand your horizons with Hng Network visit HNG Premium and never walk alone!!!
I'd love to hear from you about your experiences with automating user and group management on Linux systems. Share your thoughts, challenges, or any tips you have for improving the script. Here are a few questions to get you started:
What methods do you use to automate user management in your environment?
Have you encountered any specific challenges with user creation and group management?
Do you have any suggestions for enhancing the security aspects of user management scripts?
Feel free to leave your comments below. Your insights and experiences are valuable to me and the community!
Top comments (0)