DEV Community: Ugochukwu Chukwuma The latest articles on DEV Community by Ugochukwu Chukwuma (@0xugochukwu). https://dev.to/0xugochukwu https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1719743%2F95c91788-8fbe-4052-8c3f-df9ecc14863c.JPG DEV Community: Ugochukwu Chukwuma https://dev.to/0xugochukwu en User(s) Creation Automation with Bash Ugochukwu Chukwuma Tue, 02 Jul 2024 20:29:28 +0000 https://dev.to/0xugochukwu/users-creation-automation-with-bash-461m https://dev.to/0xugochukwu/users-creation-automation-with-bash-461m <p>Hey there! </p> <p>So here is a synopsis of my stage 1 task at the <a href="https://hng.tech/internship">HNG DevOps Internship</a></p> <h3> Task: </h3> <p>Your company has employed many new developers. As a SysOps engineer, write a bash script called <code>create_users.sh</code> that reads a text file containing the employee’s usernames and group names, where each line is formatted as <code>user;groups</code>.</p> <p>The script should create users and groups as specified, set up home directories with appropriate permissions and ownership, generate random passwords for the users, and log all actions to <code>/var/log/user_management.log</code>. Additionally, store the generated passwords securely in <code>/var/secure/user_passwords.txt</code>.</p> <p>Ensure error handling for scenarios like existing users and provide clear documentation and comments within the script.</p> <p><strong>Sample Input</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>light; sudo,dev,www-data idimma; sudo mayowa; dev,www-data </code></pre> </div> <h3> Solution </h3> <p>The programme I wrote solves the problem by following these procedures;</p> <ul> <li>First, we read the <code>input file</code> using a function that adds the users to a global variable called <code>users</code> and the groups to another variable called <code>groups</code>. It does this simultaneously allowing the index of each user in <code>users</code> to match their corresponding groups in <code>groups</code>.</li> </ul> <p>I also ensure the user has entered a valid input file before running this.</p> <p>Here's the code that does all of this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">declare</span> <span class="nt">-a</span> <span class="nb">users declare</span> <span class="nt">-a</span> <span class="nb">groups </span><span class="k">function </span>read_input<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">file</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span> <span class="nb">read</span> <span class="nt">-r</span> line<span class="p">;</span> <span class="k">do </span><span class="nv">user</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$line</span><span class="s2">"</span> | <span class="nb">cut</span> <span class="nt">-d</span><span class="s1">';'</span> <span class="nt">-f1</span><span class="si">)</span> <span class="nv">groups_data</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$line</span><span class="s2">"</span> | <span class="nb">cut</span> <span class="nt">-d</span><span class="s1">';'</span> <span class="nt">-f2</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="nb">users</span>+<span class="o">=(</span><span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span><span class="o">)</span> <span class="nb">groups</span>+<span class="o">=(</span><span class="s2">"</span><span class="nv">$groups_data</span><span class="s2">"</span><span class="o">)</span> <span class="k">done</span> &lt; <span class="s2">"</span><span class="nv">$file</span><span class="s2">"</span> <span class="o">}</span> <span class="k">if</span> <span class="o">[[</span> <span class="nv">$# </span><span class="nt">-ne</span> 1 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;input_file&gt;"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nv">input_file</span><span class="o">=</span><span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Reading input file: </span><span class="nv">$input_file</span><span class="s2">"</span> read_input <span class="s2">"</span><span class="nv">$input_file</span><span class="s2">"</span> </code></pre> </div> <ul> <li>Next, I go on to create the required files and their directories if they don't already exist using this code: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">log_file</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">password_file</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.txt"</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">mkdir</span> <span class="nt">-p</span> /var/log <span class="nb">touch</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="k">fi if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$password_file</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">touch</span> <span class="s2">"</span><span class="nv">$password_file</span><span class="s2">"</span> <span class="k">fi</span> </code></pre> </div> <ul> <li>Then the main event, at this point I have a list of the users in <code>users</code>, a list of their corresponding groups in <code>groups</code> and all the files I will need to store valuable information such as logs and the passwords of the users I created.</li> </ul> <p>Now, I use a <code>for</code> loop to iterate over each user and their corresponding groups with an index.</p> <p>Remember we created the <code>users</code> and <code>groups</code> array simultaneously by looping over each line in the file this means the user at <code>index <br> 0</code> in <code>users</code> needs to be added to the groups at <code>index 0</code> in <code>groups</code>, so our <code>for</code> loop will look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="k">for</span> <span class="o">((</span> i <span class="o">=</span> 0<span class="p">;</span> i &lt; <span class="k">${#</span><span class="nv">users</span><span class="p">[@]</span><span class="k">}</span><span class="p">;</span> i++ <span class="o">))</span><span class="p">;</span> <span class="k">do </span><span class="nv">user</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">users</span><span class="p">[</span><span class="nv">$i</span><span class="p">]</span><span class="k">}</span><span class="s2">"</span> <span class="nv">user_groups</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">groups</span><span class="p">[</span><span class="nv">$i</span><span class="p">]</span><span class="k">}</span><span class="s2">"</span> </code></pre> </div> <p>So <code>user</code> is the user we are working on and <code>user_groups</code> are the groups we are adding them to.</p> <p>Next, we check if the <code>user</code> exists, if they do we just continue with the next iteration; else, we create them with this code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="k">if </span><span class="nb">id</span> <span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> &amp;&gt;/dev/null<span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$user</span><span class="s2"> already exists, Skipped"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="k">else</span> <span class="c"># Create user</span> useradd <span class="nt">-m</span> <span class="nt">-s</span> /bin/bash <span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to create user </span><span class="nv">$user</span><span class="s2">"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$user</span><span class="s2"> created"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> </code></pre> </div> <p>Then we set a password for them by using openssl to generate 50 random base64 characters then we filter the result to extract the alphabets, numbers and some special characters. We finally slice the first 10 characters and this will serve as the user's password.</p> <p>We go ahead to store the users password in <code>/var/secure/user_passwords.txt</code>.</p> <p>These are done using the code below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Set password</span> <span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 50 | <span class="nb">tr</span> <span class="nt">-dc</span> <span class="s1">'A-Za-z0-9!?%='</span> | <span class="nb">head</span> <span class="nt">-c</span> 10<span class="si">)</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$user</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | chpasswd <span class="k">if</span> <span class="o">[[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to set password for </span><span class="nv">$user</span><span class="s2">"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Password for </span><span class="nv">$user</span><span class="s2"> set"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$user</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$password_file</span><span class="s2">"</span> </code></pre> </div> <p>Finally, we add the user to their groups. </p> <p>We do this by first of all checking if a personal group was created for the user--most linux distros do this by default on user creation due to security reasons. But if it didn't we create a personal group for the user and add the user to the group.</p> <p>See code below:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Create personal group if linux distro didn't create it by default</span> <span class="k">if </span><span class="nb">grep</span> <span class="nt">-q</span> <span class="s2">"^</span><span class="nv">$user</span><span class="s2">:"</span> /etc/group<span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Personal group </span><span class="nv">$user</span><span class="s2"> already exists"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Personal group </span><span class="nv">$user</span><span class="s2"> does not exist, creating </span><span class="nv">$user</span><span class="s2">"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> groupadd <span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to create personal group </span><span class="nv">$user</span><span class="s2">"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">fi fi</span> <span class="c"># Add user to personal group</span> usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to add </span><span class="nv">$user</span><span class="s2"> to </span><span class="nv">$user</span><span class="s2"> group"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Added </span><span class="nv">$user</span><span class="s2"> to </span><span class="nv">$user</span><span class="s2"> group"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> </code></pre> </div> <p>After which we split the previously created variable <code>user_groups</code> by <code>,</code> and iterate through each element creating the group if it doesn't already exist and adding the user to the group. Then we finally close our initial loop</p> <p>We do this using this code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="c"># Add user to other groups</span> <span class="k">for </span>group <span class="k">in</span> <span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$user_groups</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="s1">','</span> <span class="s1">'\n'</span><span class="si">)</span><span class="p">;</span> <span class="k">do if </span><span class="nb">grep</span> <span class="nt">-q</span> <span class="s2">"^</span><span class="nv">$group</span><span class="s2">:"</span> /etc/group<span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> already exists"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> does not exist, creating </span><span class="nv">$group</span><span class="s2">"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> groupadd <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to create group </span><span class="nv">$group</span><span class="s2">"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">fi fi </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$user</span><span class="s2">"</span> <span class="k">if</span> <span class="o">[[</span> <span class="nv">$?</span> <span class="nt">-ne</span> 0 <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Failed to add </span><span class="nv">$user</span><span class="s2"> to </span><span class="nv">$group</span><span class="s2"> group"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Added </span><span class="nv">$user</span><span class="s2"> to </span><span class="nv">$group</span><span class="s2"> group"</span> | <span class="nb">tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$log_file</span><span class="s2">"</span> <span class="k">done fi done</span> </code></pre> </div> <p>And just like that, all the new employees now have user profiles!</p> <p>You can also reuse this script for new employees. Exciting right?</p> <p>You will also notice how I appropriately log each event in the log file and gracefully handle failures in each command so even if we run into unexpected problems in our execution we not only end the programme gracefully we also have a log for further investigation. </p> <p>That's it for now, but be sure to tune in for the Stage 2 task 😉</p> <p>I am also open to constructive criticism so be sure to leave a comment.</p> <p>Also, you can learn more about HNG <a href="https://hng.tech/">here</a></p> devops bash