Automating Linux User Creation with a Bash Script

Francis Morkeh Mensah — Mon, 01 Jul 2024 13:48:44 +0000

Automating Linux User Creation with a Bash Script

In a growing IT company, managing user accounts and groups manually can be time-consuming and error-prone. To streamline this process, we can use a bash script to automate the creation of users, groups, and their respective permissions. In this article, we'll walk through a bash script that reads a text file containing usernames and group names, creates the users and groups as specified, sets up home directories with appropriate permissions, generates random passwords, and logs all actions. Additionally, we'll securely store the generated passwords.

The Script

Here's the bash script, create_users.sh, which accomplishes the above tasks:

#!/bin/bash

# Check if the user has provided a file name
if [ $# -eq 0 ]; then
    echo "Usage: $0 <name-of-text-file>"
    exit 1
fi

input_file=$1

# Ensure the input file exists
if [ ! -f $input_file ]; then
    echo "File $input_file does not exist."
    exit 1
fi

# Log and password file paths
log_file="/var/log/user_management.log"
password_file="/var/secure/user_passwords.csv"

# Ensure /var/secure directory exists
mkdir -p /var/secure
chmod 700 /var/secure

# Ensure the log file exists
touch $log_file

# Start logging
echo "User creation process started at $(date)" >> $log_file

# Ensure the password file exists and is empty
echo "username,password" > $password_file

# Process each line of the input file
while IFS=';' read -r username groups; do
    # Remove whitespace
    username=$(echo $username | xargs)
    groups=$(echo $groups | xargs)

    # Check if user already exists
    if id "$username" &>/dev/null; then
        echo "User $username already exists. Skipping..." >> $log_file
        continue
    fi

    # Create user and user's primary group
    useradd -m -s /bin/bash "$username"
    echo "Created user $username" >> $log_file

    # Create and assign secondary groups
    IFS=',' read -ra group_list <<< "$groups"
    for group in "${group_list[@]}"; do
        group=$(echo $group | xargs)
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            echo "Created group $group" >> $log_file
        fi
        usermod -aG "$group" "$username"
        echo "Added user $username to group $group" >> $log_file
    done

    # Generate a random password
    password=$(openssl rand -base64 12)
    echo "$username:$password" | chpasswd
    echo "$username,$password" >> $password_file

    # Set permissions for user's home directory
    chmod 700 /home/$username
    chown $username:$username /home/$username
    echo "Set permissions for /home/$username" >> $log_file

done < "$input_file"

# Secure the password file
chmod 600 $password_file
chown root:root $password_file

echo "User creation process completed at $(date)" >> $log_file

How It Works

Input Validation:
- The script begins by checking if a filename is provided as an argument. If not, it exits with a usage message.
- It then verifies if the provided file exists. If the file is missing, it exits with an error message.
Setting Up Log and Password Files:
- The script defines paths for the log file (/var/log/user_management.log) and the password file (/var/secure/user_passwords.csv).
- It ensures the /var/secure directory exists and has the correct permissions.
- It ensures the log file exists and initializes the password file with a header.
Processing Each User:
- For each line in the input file, the script reads the username and groups, removing any extra whitespace.
- It checks if the user already exists and logs a message if so, skipping further actions for that user.
- If the user doesn't exist, the script creates the user and their primary group.
- It then processes any additional groups, creating them if they don't exist, and adds the user to these groups.
- A random password is generated, assigned to the user, and stored in the password file.
- The script sets appropriate permissions for the user's home directory.
Securing the Password File:
- After processing all users, the script sets strict permissions on the password file to ensure only the root user can read it.

Example Input File

Here’s an example of what the input file (user_list.txt) might look like for an IT company:

alice; sudo,developers,sysadmins
bob; developers,qa
charlie; sysadmins,network,backup
david; qa,testers
eve; developers,security
frank; security,network
grace; backup,storage
heidi; testers,qa
ivan; developers,network
judy; sysadmins,security
karen; storage,backup
leo; testers,developers
mike; qa,developers
nancy; security,sysadmins
oliver; network,backup
peggy; developers,sysadmins
quentin; qa,security
rachel; testers,backup
steve; developers,network
trudy; security,sysadmins
ursula; storage,backup
victor; qa,testers
wendy; developers,network
xander; sysadmins,security
yvonne; backup,storage
zach; developers,qa

Running the Script

Clone the Repository:

git clone https://github.com/Francismensah/HNG-11-Internship--DevOps-Track.git
cd /HNG-11-Internship--DevOps-Track/Stage-1-Task

Ensure the Script is Executable:
```
chmod +x create_users.sh
```

Run the Script with the Input File:

sudo bash create_users.sh user_list.txt

Logging and Output

Log File: /var/log/user_management.log contains a log of all actions performed by the script.
Password File: /var/secure/user_passwords.csv contains a list of all users and their passwords, delimited by commas.

Conclusion

Automating user and group creation in Linux can significantly reduce the administrative overhead and minimize errors. This bash script simplifies the process, ensuring that users and groups are created with the correct permissions and that actions are securely logged.

For more detailed information on how to manage users and groups in Linux, you can refer to the HNG Internship and HNG Hire websites.

If you have any questions or feedback, feel free to leave a comment below. Happy scripting!

DEV Community: Francis Morkeh Mensah

Automating Linux User Creation with a Bash Script