Ezekiel nduchekwe

Automating User Creation and Management with Bash

As a SysOps engineer, managing users and groups in a Linux environment can be a repetitive and time-consuming task. To streamline this process, we can leverage a bash script to automate user creation, group assignments, home directory setup, password generation, and logging. This article walks through the implementation of such a script, create_users.sh, which reads user information from a text file and performs the necessary operations. This solution is especially useful when onboarding new employees.

Script Requirements and Functionality

Our script will:

- Read a text file containing usernames and groups.
- Create users with personal groups matching their usernames.
- Assign users to additional specified groups.
- Set up home directories with appropriate permissions.
- Generate random passwords for new users.
- Log all actions to /var/log/user_management.log.
- Store generated passwords securely in /var/secure/user_passwords.csv.

Implementation Details

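  1. Script Initialization and Input Validation

The script starts by defining the log and password files. It then checks that an input file was provided and that it exists:

```bash
#!/bin/bash

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

# Append a timestamped entry to the log. The later steps call this helper, but
# its definition is not shown in the post; this minimal version is an assumption.
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}

# Require the input file as the first argument
if [ $# -eq 0 ]; then
    echo "Usage: $0 <input_file>"
    exit 1
fi

# Make sure the input file exists
if [ ! -f "$1" ]; then
    echo "Error: File $1 not found!"
    exit 1
fi
```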

  2. Secure Directory and File Setup

We ensure that the directory for storing passwords exists and has the correct permissions:

```bash
# Create the directory and password file, accessible to their owner only
mkdir -p /var/secure
chmod 700 /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"
```

  3. Reading and Processing the Input File

The script reads the input file line by line, creating users and assigning them to groups as specified:

```bash
while IFS=';' read -r username groups; do
    # Trim surrounding whitespace
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)

    # Skip blank lines
    [ -z "$username" ] && continue

    if id -u "$username" >/dev/null 2>&1; then
        log_message "User $username already exists"
    else
        # -U creates a personal group named after the user; -g would fail
        # here because that group does not exist yet
        useradd -m -U -s /bin/bash "$username"
        log_message "User $username created with primary group $username"

        chmod 700 "/home/$username"
        chown "$username:$username" "/home/$username"

        # Generate a random password and set it
        password=$(openssl rand -base64 12)
        echo "$username:$password" | chpasswd

        echo "$username,$password" >> "$PASSWORD_FILE"
        log_message "Password for user $username set and stored securely"
    fi

    IFS=',' read -ra additional_groups <<< "$groups"
    for group in "${additional_groups[@]}"; do
        group=$(echo "$group" | xargs)
        [ -z "$group" ] && continue

        # Create the group first if it does not exist
        if getent group "$group" >/dev/null; then
            usermod -aG "$group" "$username"
            log_message "User $username added to group $group"
        else
            groupadd "$group"
            usermod -aG "$group" "$username"
            log_message "Group $group created and user $username added"
        fi
    done
done < "$1"
```

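
The processing loop in step 3 hands each name from the input file directly to useradd, to the username:password line read by chpasswd, and to the password CSV. The following added example (not part of the original script) validates and normalizes each input line before any of that happens. The function names trim, valid_name and parse_line, the naming policy, and the sample lines are assumptions made for illustration.

```bash
# Added example: validate "user; group1,group2" lines before provisioning.
LC_ALL=C; export LC_ALL   # make a-z mean ASCII letters only in the patterns below

# Strip leading and trailing whitespace (including a trailing CR).
trim() {
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# Assumed naming policy: 1-32 chars, first a-z or _, then a-z 0-9 _ - only.
valid_name() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the normalized "user;g1,g2" form, or return 1 if any name is invalid.
parse_line() {
    user=$(trim "${1%%;*}")
    case $1 in *";"*) rest=${1#*;} ;; *) rest= ;; esac
    valid_name "$user" || return 1
    groups=
    while [ -n "$rest" ]; do
        g=$(trim "${rest%%,*}")
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        [ -z "$g" ] && continue          # tolerate "a,,b" and trailing commas
        valid_name "$g" || return 1
        groups=${groups:+$groups,}$g
    done
    printf '%s;%s\n' "$user" "$groups"
}

# Constructed sample input: two well-formed lines, three that must be refused.
while IFS= read -r line; do
    if norm=$(parse_line "$line"); then
        echo "ok:       $norm"
    else
        echo "rejected: $line"
    fi
done <<'EOF'
alice; sudo, dev
bob;www-data,,
carol:x; sudo
-ops; dev
dave; dev,Ad min
EOF
```

In create_users.sh, a check like this belongs at the top of the loop, with rejected lines logged and skipped, so that a name containing ":" or "," or starting with "-" never reaches chpasswd, the CSV or the useradd command line.
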
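Logging and Security

All actions are logged to /var/log/user_management.log for auditing purposes. The generated passwords are stored in plain text in /var/secure/user_passwords.csv, so their protection rests on file permissions: mode 600 ensures that only the file owner can read them.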

Conclusion

Automating user and group management in Linux environments can significantly reduce administrative overhead. The create_users.sh script provides a robust solution for onboarding new users, ensuring that they are set up with the necessary permissions and groups efficiently. For more details about the HNG Internship and opportunities, visit https://hng.tech/internship and https://hng.tech/premium.

By automating these tasks, SysOps engineers can focus on more critical aspects of system administration, improving overall productivity and system security.
