In recent times where organizations and companies hold secrets of the biggest magnitude e.g. proprietary secrets, trademark secrets e.t.c. and store them on the main company network (server), adding employees to that network or server has to be done with high accuracy and precision by assigning the employee to the appropriate groups according to his/her job title in order to protect this secret of the company and to make sure no one has access to such information except certain people like, the C.E.O, C.T.O, C.M.O. e.t.c.
Today, we're going to look into such phenomenon taking Linux (Ubuntu distro) as our case study environment.
How are we going to implement this you may ask?
Well, we're going to create a bash script that takes the path to a .txt file as our input file which contains the names of employees and the groups you wish to place them in.
For example
alice; developers, foodies
bob; testers; admins
This .txt file contains lines in the format of user;groups delimited by a comma"
Before going into the code, we must first know and understand what we want our code to do explicitly
- Read users in format
user; groups - Create users and groups as specified
- setup home directories with appropriate permissions and ownership
- generate random passwords for the users
- store the generated passwords securely in
/var/secure/user_passwords.txt - log all actions to
/var/log/user_management.logNote: handle error scenarios like existing users
Preparatory steps
- Create a file named
create_users.shin your home directory on linux
touch create_users.sh
- Open this file with nano editor to add your code
nano create_users.sh
Now let's follow through with how we want our script to run.
Step 1
Define the following paths in which you want to save your logs and users password
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"
Step 2
Ensure the directory exists and has the appropriate permissions
if [ ! -d "/var/secure" ]; then
mkdir -p /var/secure
chmod 700 /var/secure
fi
Step 3
Ensure the log file and password file exist and are writable
touch $LOG_FILE $PASSWORD_FILE
chmod 600 $PASSWORD_FILE
chmod 644 $LOG_FILE
Step 4
Add the function to log all user actions and include a timestamp to each respective action
log(){
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> $LOG_FILE
}
Step 5
Check if the script is run as root
if [ "$EUID" -ne 0 ]; then
log "Script must be run as root."
echo "Please run as root."
exit 1
fi
Step 6
Check if the input file is provided and readable
if [ ! -f "$1" ]; then
log "Input file not provided or does not exist."
echo "Usage: $0 <input_file>"
exit 1
fi
Step 7
Add the function to generate user passwords
generate_password(){
< /dev/urandom tr -dc 'A-Za-z0-9!@#$%^&*()_+' | head -c 8
}
Step 8
Read the input file line by line
while IFS=';' read -r user groups;
do
user=$(echo "$user" | xargs) # Trim whitespace
groups=$(echo "$groups" | xargs) # Trim whitespace
if id "$user" &>/dev/null; then
log "User $user already exists."
echo "User $user already exists. Skipping."
continue
fi
Add the following codes to the while do block
Step 9
Create groups if they do not exist and collect them in a list
IFS=',' read -ra group_list <<< "$groups"
group_string=""
for group in "${group_list[@]}"; do
group=$(echo "$group" | xargs) # Trim whitespace
if ! getent group "$group" &>/dev/null; then
groupadd "$group"
log "Group $group created."
else
log "Group $group already exists."
fi
group_string+="$group,"
done
group_string=${group_string%,} # Remove trailing comma
Step 10
Create user and assign to groups
useradd -m -G "$group_string" "$user"
if [ $? -eq 0 ]; then
log "User $user created and added to groups $groups"
else
log "Failed to create user $user."
echo "Failed to create user $user. Check log for details."
continue
fi
Step 11
Generate and assign a password
password=$(generate_password)
echo "$user:$password" | chpasswd
if [ $? -eq 0 ]; then
log "Password set for user $user."
else
log "Failed to set password for user $user."
echo "Failed to set password for user $user. Check logs for details."
continue
fi
Step 12
Store the password securely
echo "$user:$password" >> $PASSWORD_FILE
log "Password for user $user stored securely."
Step 13
Set ownership and permissions for home directory
chown "$user:$user" "/home/$user"
chmod 700 "/home/$user"
log "Home directory for user $user set up with appropriate permissions."
Last Step
Close the while do block and log the end
done < "$1"
log "Users - groups creation process completed."
echo "User creation process completed. Check $LOG_FILE for details."
With this code you can be sure to add your respective employees to the appropriate Groups and add permissions, in order for your organization top secret information doesn't get into the wrong hands 😊.
Thanks for following me through with this article.
A big shout out to HNG, HNG Internship, HNG Hiring for inspiring this article.
Reach out to me on Linkedin or X(Twitter) if you want to have a nice chat about anything and I mean absolutely anything.
Top comments (0)