DEV Community: Rose Candy Esinam Nartey The latest articles on DEV Community by Rose Candy Esinam Nartey (@candy-devops). https://dev.to/candy-devops https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1720514%2F8952e0bb-8174-45ea-861f-9bff9e682bec.png DEV Community: Rose Candy Esinam Nartey https://dev.to/candy-devops en Automating User and Group Management with a Bash Script. Rose Candy Esinam Nartey Wed, 03 Jul 2024 00:17:01 +0000 https://dev.to/candy-devops/automating-user-and-group-management-with-a-bash-script-2jli https://dev.to/candy-devops/automating-user-and-group-management-with-a-bash-script-2jli <p>Managing users on a Linux system can be a time-consuming task, especially in environments where users frequently join or leave. Automating this process can save administrators a lot of time and reduce human error. In this article, we'll walk through a Bash script designed to automate the creation of Linux users and their respective groups. This script ensures security, logging, and proper group management.</p> <h2> Why Automate User Management? </h2> <p>Automation helps maintain consistency and efficiency in repetitive tasks. In large organizations or during internships, like those offered by the <a href="https://hng.tech/internship">HNG Internship</a>, managing multiple users can quickly become a complex and error-prone process. A well-designed script can streamline this process, making it easier to manage users securely and effectively.</p> <h3> Prerequisites </h3> <p>Before diving into the script, ensure you have the following:</p> <ul> <li>A Linux operating system (tested on Ubuntu).</li> <li>Bash shell (<code>/bin/bash</code>).</li> <li>OpenSSL for password generation (<code>openssl</code>).</li> <li>Root privileges (<code>sudo</code>).</li> </ul> <p>The source code can be found on my <a href="https://github.com/Candy-DevOps/Linux_User_Creation.git">GitHub repo</a></p> <h2> The Bash Script </h2> <p>Here's the full script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Check if the input file exists</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: Input file not found."</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Ensure log and secure directories are initialized once</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.csv"</span> <span class="c"># Initialize log file</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Initialize password file</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chmod </span>600 <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Redirect stdout and stderr to the log file</span> <span class="nb">exec</span> <span class="o">&gt;</span> <span class="o">&gt;(</span><span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span><span class="o">)</span> 2&gt;&amp;1 <span class="c"># Function to check if user exists</span> user_exists<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> &amp;&gt;/dev/null <span class="o">}</span> <span class="c"># Function to check if a group exists</span> group_exists<span class="o">()</span> <span class="o">{</span> getent group <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1 <span class="o">}</span> <span class="c"># Function to check if a user is in a group</span> user_in_group<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="nt">-nG</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="nt">-qw</span> <span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span> <span class="o">}</span> <span class="c"># Read each line from the input file</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span><span class="p">;</span> <span class="k">do</span> <span class="c"># Trim whitespace</span> <span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="c"># Check if the user already exists</span> <span class="k">if </span>user_exists <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> already exists."</span> <span class="k">else</span> <span class="c"># Create user</span> <span class="nb">sudo </span>useradd <span class="nt">-m</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Generate random password</span> <span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="c"># Set password for user</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo </span>chpasswd <span class="c"># Log actions</span> <span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> created. Password: </span><span class="nv">$password</span><span class="s2">"</span> <span class="c"># Store passwords securely</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Ensure the user's home directory and personal group exist</span> <span class="nb">sudo mkdir</span> <span class="nt">-p</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">sudo chown</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Split the groups string into an array</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_array <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="c"># Check each group</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_array</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do if </span>group_exists <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> exists."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> does not exist. Creating group </span><span class="nv">$group</span><span class="s2">."</span> <span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="k">fi if </span>user_in_group <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> is already in group </span><span class="nv">$group</span><span class="s2">."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Adding user </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">."</span> <span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="k">fi done done</span> &lt; <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> </code></pre> </div> <h3> How the Script Works </h3> <ol> <li> <strong>Input File Verification</strong>: The script starts by checking if the input file exists. If not, it exits with an error message.</li> <li> <strong>Log and Secure Directory Initialization</strong>: The script sets up a log file to keep track of its actions and a secure password file to store user passwords. These files are created with proper permissions to ensure security.</li> <li> <strong>User and Group Management</strong>: <ul> <li>The script reads each line from the input file, which contains usernames and their associated groups.</li> <li>It checks if each user already exists. If not, it creates the user and assigns a randomly generated password.</li> <li>It ensures the user's home directory and personal group are set up.</li> <li>The script then processes each group, checking if it exists and creating it if necessary, before adding the user to the group.</li> </ul> </li> </ol> <h3> Usage </h3> <ol> <li>Save the user information in a file, e.g., <code>usersname.txt</code>, formatted as <code>username;group1,group2,group3</code>.</li> <li>Run the script with the user information file as an argument: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>./user_creation_script.sh usersname.txt </code></pre> </div> <h3> Benefits of This Script </h3> <ul> <li> <strong>Automation</strong>: Reduces the manual effort required to manage users and groups.</li> <li> <strong>Security</strong>: Ensures passwords are stored securely and logs all actions for auditing purposes.</li> <li> <strong>Consistency</strong>: Maintains a consistent approach to user and group management.</li> </ul> <h2> Conclusion </h2> <p>Automating user management on Linux systems can significantly enhance efficiency and security. This script provides a robust solution for creating users and managing their groups. For those interested in more automation and development practices, the <a href="https://hng.tech/internship">HNG Internship</a> offers a great opportunity to learn and grow in a collaborative environment.<br> By leveraging such scripts, administrators can focus on more critical tasks, knowing that user management is handled consistently and securely.</p> <p>For more information on hiring talents trained in such automation practices, visit <a href="https://hng.tech/hire">HNG Hire</a>.</p> <p>Feel free to share your thoughts or improvements on this script in the comments!</p> <p>Happy coding! Written by: Candy-DevOps</p>