DEV Community: Felix Mordjifa The latest articles on DEV Community by Felix Mordjifa (@felix_mordjifa). https://dev.to/felix_mordjifa https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1527035%2Fcb40ea3c-7237-4022-a615-3b259eadbf6e.png DEV Community: Felix Mordjifa https://dev.to/felix_mordjifa en Automating Linux User and Group Management using a Bash Script Felix Mordjifa Fri, 05 Jul 2024 17:43:22 +0000 https://dev.to/felix_mordjifa/automating-linux-user-and-group-management-using-a-bash-script-548 https://dev.to/felix_mordjifa/automating-linux-user-and-group-management-using-a-bash-script-548 <p><strong>Managing</strong> users and groups on a Linux system can be mudane and task likely to encounter mistakes, especially in environments where users frequently join or leave the system. In this article, I hope to share my idea on creating a Bash script that automates user and group management, ensuring secure password handling and detailed logging.<br> This is a task i am undertaking as part of my HNG Internship, Hit this link <a href="https://hng.tech/internship" rel="noopener noreferrer">HNG Internship website</a> to join us pursue insightful knowledge, you can aswell reach out to hire skills ready individuals for employment via <a href="https://hng.tech/hire" rel="noopener noreferrer">HNG Hire page</a>.<br> The source code can be found on my <a href="https://github.com/DagaduFelixMordjifa/Create_User.sh.git" rel="noopener noreferrer">GitHub</a></p> <h4> Introduction </h4> <p>User management is a critical task for system administrators. Automating this process not only saves time but also reduces the risk of errors. This script will:</p> <ul> <li>Create users from an input file.</li> <li>Assign users to specified groups.</li> <li>Generate secure random passwords.</li> <li>Log all actions for auditing purposes. #### Prerequisites</li> <li>A Linux system with Bash shell.</li> <li> <code>sudo</code> privileges to execute administrative commands.</li> <li> <code>openssl</code> for generating random passwords. #### Script Breakdown Here's the script in its entirety: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Check if the input file exists</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: Input file not found."</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Ensure log and secure directories are initialized once</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.csv"</span> <span class="c"># Initialize log file</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Initialize password file</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chmod </span>600 <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Redirect stdout and stderr to the log file</span> <span class="nb">exec</span> <span class="o">&gt;</span> <span class="o">&gt;(</span><span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span><span class="o">)</span> 2&gt;&amp;1 <span class="c"># Function to check if user exists</span> user_exists<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> &amp;&gt;/dev/null <span class="o">}</span> <span class="c"># Function to check if a group exists</span> group_exists<span class="o">()</span> <span class="o">{</span> getent group <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1 <span class="o">}</span> <span class="c"># Function to check if a user is in a group</span> user_in_group<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="nt">-nG</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="nt">-qw</span> <span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span> <span class="o">}</span> <span class="c"># Read each line from the input file</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span><span class="p">;</span> <span class="k">do</span> <span class="c"># Trim whitespace</span> <span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="c"># Check if the user already exists</span> <span class="k">if </span>user_exists <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> already exists."</span> <span class="k">else</span> <span class="c"># Create user</span> <span class="nb">sudo </span>useradd <span class="nt">-m</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Generate random password</span> <span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="c"># Set password for user</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo </span>chpasswd <span class="c"># Log actions</span> <span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> created. Password: </span><span class="nv">$password</span><span class="s2">"</span> <span class="c"># Store passwords securely</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Ensure the user's home directory and personal group exist</span> <span class="nb">sudo mkdir</span> <span class="nt">-p</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">sudo chown</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Split the groups string into an array</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_array <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="c"># Check each group</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_array</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do if </span>group_exists <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> exists."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> does not exist. Creating group </span><span class="nv">$group</span><span class="s2">."</span> <span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="k">fi if </span>user_in_group <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> is already in group </span><span class="nv">$group</span><span class="s2">."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Adding user </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">."</span> <span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="k">fi done done</span> &lt; <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> </code></pre> </div> <h4> How It Works </h4> <ol> <li> <strong>Input File Check</strong>: The script starts by checking if the input file exists. If not, it exits with an error message.</li> <li> <strong>Log and Secure File Initialization</strong>: It initializes the log and password files, ensuring they have the correct permissions.</li> <li> <strong>Function Definitions</strong>: Functions to check user existence, group existence, and user membership in a group are defined.</li> <li> <strong>User and Group Processing</strong>: The script reads the input file line by line, processes each username and group, creates users and groups as needed, and assigns users to groups.</li> <li> <strong>Password Handling</strong>: Secure random passwords are generated and assigned to new users, and all actions are logged. #### Running the Script</li> <li> <p><strong>Prepare the Input File</strong>: Create a file named <code>input_file.txt</code> with the following format:<br> </p> <pre class="highlight plaintext"><code>sela;developers,admins felix;developers kemuel;admins,users </code></pre> </li> <li> <p><strong>Make the Script Executable</strong>:<br> </p> <pre class="highlight shell"><code><span class="nb">chmod</span> +x create_user.sh </code></pre> </li> <li> <p><strong>Run the Script</strong>:<br> </p> <pre class="highlight shell"><code><span class="nb">sudo</span> ./create_user.sh new_user.txt </code></pre> </li> </ol> <h4> Conclusion </h4> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> This Bash script streamlines user management on Linux systems by automating the creation of users with secure passwords, assigning them to the appropriate groups, and logging all actions for audit purposes. This automation helps system administrators save time and minimize errors. </code></pre> </div> <p>Feel free to customize this script further to suit your specific needs. Happy automating!</p> <h4> About the Author </h4> <h2> I am Dagadu Felix Mordjifa. DevOps and automation enthusiast. (<a href="https://github.com/DagaduFelixMordjifa/Create_User.sh/blob/main/User_list.txt" rel="noopener noreferrer">https://github.com/DagaduFelixMordjifa/Create_User.sh/blob/main/User_list.txt</a>) </h2> bash