Automating User Account Management in Linux with a Bash Script

Olatunji — Tue, 02 Jul 2024 14:12:40 +0000

User Management is an integral part of a Sys Ops Engineer, as this is useful in day-to-day activity. This is usually required when onboarding new members of staff. In this piece, we will go through the process of creating and assigning new users.

This is part of HNG Internship requirements. You can learn more about HNG by clicking on the link below.
HNG Internship

Premise

Manually handling user accounts can be tedious and often leads to mistakes. To make things easier and more reliable, we should automate this process. We'll create a script called "create_users.sh" that will read a list of usernames and groups from a given text file, create the users and groups, set up their home directories, generate random passwords, and log everything to a management.log file. This will save time, reduce errors, and keep things consistent.

Prerequisites

The following are the requirements needed to create and execute the script

Basic Knowledge of Linux command
Admin privilege
Text editor e.g Vim, Nano, TextEdit, etc

Overview

The script is expected to perform the following tasks

Reads a list of users and groups from any given text file.
Creates users and assigns them to specified groups.
Set up home directories with appropriate permissions.
Generates random passwords for the users.
Logs all actions to /var/log/user_management.log.
Stores the generated passwords securely in /var/secure/user_passwords.csv.

Procedure

Define the variable to accept the input file, log file and password file

INPUT_FILE="$1"
USER_INPUT_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

Create functions to perform tasks

# Function to log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | sudo tee -a $USER_INPUT_FILE > /dev/null
}

# Function to generate random password
random_password() {    
    < /dev/urandom tr -dc 'A-Za-z0-9' | head -c 12
}

Create directories, and files and give permissions

# Create neccessary directories if they do not exist
sudo mkdir -p /var/log
sudo mkdir -p /var/secure

# create log file if it does not exist, and set the neccessary permission
sudo touch $USER_INPUT_FILE
sudo chmod 600 $USER_INPUT_FILE

# create password file if it does not exist, and set the neccessary permission
sudo touch $PASSWORD_FILE
sudo chmod 600 $PASSWORD_FILE

The code below read the file line by line, create the user, add to group and set password

# Read the input file line by line
while IFS=';' read -r username groups; do
    # Remove whitespace from username and group
    username=$(echo $username | xargs)
    groups=$(echo $groups | xargs)

    # Create the new user 
    if id -u "$username" >/dev/null 2>&1; then
        log_message "User $username already exists. Creation skipped."
    else
        sudo useradd -m -s /bin/bash "$username"
        if [ $? -eq 0 ]; then
            log_message "New user: $username created successfully."
        else
            log_message "Unable to create user: $username."
            continue
        fi
    fi

    # Create the new user personal group
    if ! getent group "$username" >/dev/null 2>&1; then
        sudo groupadd "$username"
        log_message "Personal group $username created successfully"
    fi

    # Add user to group
    sudo usermod -aG "$username" "$username"

    # Add the user to other groups
    IFS=',' read -ra group_array <<< "$groups"
    for group in "${group_array[@]}"; do
        group=$(echo $group | xargs) # Remove whitespace
        if ! getent group "$group" >/dev/null 2>&1; then
            sudo groupadd "$group"
            log_message "Group $group created."
        fi
        sudo usermod -aG "$group" "$username"
        log_message "User $username added to group: $group."
    done

    # Generate a random password and set it for the created user
    password=$(random_password)
    echo "$username:$password" | sudo chpasswd
    echo "$username,$password" | sudo tee -a $PASSWORD_FILE > /dev/null

    log_message "Password set for user $username."
done < "$INPUT_FILE"

Log message to show the status after execution

log_message "User creation script completed."
echo "User creation process is complete. Check $USER_INPUT_FILE for details"

Conclusion

Using a bash script to automate user account management can greatly simplify the onboarding process for new employees, users, or accounts. By following the steps outlined in this article, you can create an effective script that ensures users are created, added to groups, and provided with secure passwords, all while logging actions for transparency and audit purposes.

This tutorial is made possible by HNG.