DEV Community: Muad

AWS - Infrastructure for the Rest of Us

Muad — Wed, 10 Sep 2025 13:28:36 +0000

Introduction

This comprehensive lab exercise, created for AWS Student Cloud Club Camp participants, guides you through designing and implementing a secure, scalable grade book system using core AWS services. You'll learn how to implement proper access controls, network security, and data storage while following cloud security best practices.

Learn more about what an AWS Student Cloud Club Camp is by reading this article

Learning Objectives

Configure Identity and Access Management (IAM) with role-based permissions
Design a secure Virtual Private Cloud (VPC) architecture
Implement S3 storage with appropriate bucket policies
Apply the principle of least privilege in cloud security
Understand the benefits of cloud migration from on-premises infrastructure

Prerequisites

Ensure you have:

An active AWS account with administrative access
Basic understanding of cloud computing concepts
Familiarity with AWS Management Console navigation
A text editor for creating JSON policies

and this is what we are going to achieve at the end...

Identity Layer: IAM users and policies controlling access
Network Layer: VPC with isolated subnets and security groups
Storage Layer: S3 buckets with granular access permissions

Step 1: Configure IAM

Creating Student User Account

Navigate to the IAM service in the AWS Management Console
Click Users → Create user
Configure user details:
- Username: student-user1
- Access type: Check "Provide user access to the AWS Management Console"
- Select "I want to create an IAM user"
- Choose "Custom password" and create a secure password
- Note: Record the password securely for later use

Attaching Basic Permissions

In the permissions step, attach the following managed policy:
- AmazonS3ReadOnlyAccess - Allows read access to S3 resources

Creating Custom Restriction Policy

Click Create policy to create a custom restriction policy
Select the JSON tab and enter the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyGradebookAccess",
            "Effect": "Deny",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::cs-dept-gradebook-2024",
                "arn:aws:s3:::cs-dept-gradebook-2024/*"
            ]
        }
    ]
}

Name the policy: Student-Gradebook-Restriction-Policy
Add description: "Prevents students from accessing confidential gradebook data"
Click Create policy

Finalizing User Creation

Return to user creation and attach the custom policy
Review settings and click Create user
Download or securely store the user credentials

Step 2: Design VPC

Creating the VPC

Navigate to VPC service in the AWS Console
Click Create VPC
Configure VPC settings:
- Resources to create: VPC only
- Name tag: cs-dept-vpc
- IPv4 CIDR block: 10.32.0.0/16
- IPv6 CIDR block: No IPv6 CIDR block
- Tenancy: Default

Setting Up Subnets

Create a Public Subnet:
- Name: cs-dept-public-subnet
- VPC: Select your created VPC
- Availability Zone: Choose any AZ
- IPv4 CIDR block: 10.32.1.0/24
Create a Private Subnet:
- Name: cs-dept-private-subnet
- VPC: Select your created VPC
- Availability Zone: Different from public subnet
- IPv4 CIDR block: 10.32.2.0/24

Configuring Internet Connectivity

Create Internet Gateway:
- Name: cs-dept-igw
- Attach to your VPC
Create Route Tables:

Public Route Table:

Name: cs-dept-public-rt
Add route: 0.0.0.0/0 → Internet Gateway
Associate with public subnet

Private Route Table:

Name: cs-dept-private-rt
Keep default local route only
Associate with private subnet

Security Groups Configuration

Create Web Security Group:
- Name: cs-dept-web-sg
- Description: "Security group for web servers"
- Inbound rules:
  - HTTP (80) from 0.0.0.0/0
  - HTTPS (443) from 0.0.0.0/0
  - SSH (22) from your IP only
Create Database Security Group:
- Name: cs-dept-db-sg
- Description: "Security group for database servers"
- Inbound rules:
  - MySQL/Aurora (3306) from Web Security Group
  - SSH (22) from your IP only

Step 3: Configure S3 Storage for Grade Book Data

Creating the Grade Book Bucket

Navigate to S3 service
Click Create bucket
Configure bucket settings:
- Bucket name: cs-dept-gradebook-2024 (must be globally unique)
- Region: Same as your VPC
- Block Public Access: Keep all settings checked (secure by default)
- Bucket Versioning: Enable
- Default encryption: Enable with SSE-S3

Creating Bucket Policy for Controlled Access

After bucket creation, go to Permissions tab
Edit Bucket policy and add:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TeacherAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR-ACCOUNT-ID:root"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::cs-dept-gradebook-2024",
                "arn:aws:s3:::cs-dept-gradebook-2024/*"
            ]
        },
        {
            "Sid": "DenyStudentAccess",
            "Effect": "Deny",
            "Principal": {
                "AWS": "arn:aws:iam::YOUR-ACCOUNT-ID:user/student-user1"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::cs-dept-gradebook-2024",
                "arn:aws:s3:::cs-dept-gradebook-2024/*"
            ]
        }
    ]
}

!!!Note!!!: Replace YOUR-ACCOUNT-ID with your actual AWS account ID.

Creating Public Assets Bucket (Optional)

Create a second bucket for public course materials:
- Bucket name: cs-dept-public-assets-2024
- Public access: Allow public read access
- Static website hosting: Enable if needed
For public bucket policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::cs-dept-public-assets-2024/*"
        }
    ]
}

Step 4: Testing and Validation

Testing Student Access Restrictions

Sign in as student-user1
Attempt to access the gradebook S3 bucket
Verify access is denied with appropriate error messages
Confirm read access to public resources works

Testing Network Connectivity

Launch an EC2 instance in the public subnet
Test internet connectivity
Launch an EC2 instance in the private subnet
Verify it cannot directly access the internet
Test communication between subnets through security groups

Step 5: Clean Up Resources

To avoid unnecessary charges:

Delete EC2 instances
Empty and delete S3 buckets
Delete NAT Gateway (if created)
Delete Internet Gateway
Delete subnets
Delete VPC
Delete IAM user and custom policies

Why Cloud Migration Benefits Universities

1. Reduced Operational Overhead

Universities can focus on education rather than infrastructure management. AWS handles hardware maintenance, security patches, and system updates automatically.

2. Enhanced Scalability

Cloud services automatically scale to handle peak loads during registration periods or exam times, unlike fixed-capacity physical servers with on premises infrastructure.

3. Advanced Security Features

Multi-factor authentication
Encryption at rest and in transit
Automated threat detection

4. Cost Optimization

Pay-as-you-go pricing eliminates large capital expenditures.

5. High Availability and Disaster Recovery

Built-in redundancy ensures 99.99% uptime. Automated backups and multi-region replication protect against data loss.

6. Global Accessibility

Students and faculty can access systems from anywhere with consistent performance through AWS's global infrastructure.

Conclusion

This lab demonstrates how AWS services can create a secure, scalable educational infrastructure. By combining IAM for access control, VPC for network security, and S3 for data storage, we've built a system that protects sensitive academic data while providing appropriate access to different user types.

Additional Resources

Build Your Own Lightweight Containers Without Docker

Muad — Fri, 28 Mar 2025 05:28:32 +0000

Introduction: Application Isolation

In the world of modern software development, containerization has become a game-changer. But what if I told you that you could create your own custom application environments directly within Linux without relying on Docker? Welcome to the world of manual containerization – a powerful technique that gives you easy control over your application's entire ecosystem.
Imagine having the ability to spin up an isolated application environment with precise resource limitations, network configurations and system constraints while all using native Linux tools. This isn't just theoretical; it's a practical approach to creating lightweight, secure and highly customizable application containers that run directly on your Linux machine.

Why Self-Containerization Matters

Traditional containerization solutions like Docker are powerful but they can be heavyweight and complex. Sometimes running your application directly on Linux is a simpler and more efficient choice—so why not? After all, Docker itself is just a container running a mini OS, which adds extra overhead.

This is where self-containerization using Linux namespaces and control groups (cgroups) comes in, offering several distinct advantages:

Complete Resource Control: Precisely limit CPU, memory, network, and disk usage for each application
Minimal Overhead: Run containers with virtually no performance penalty
Deep System Understanding: Learn how containers actually work under the hood
Flexibility: Create custom isolation environments tailored to your exact requirements
Learning Opportunity: Gain insights into Linux internals and system-level programming, I mean why not? just challenge yourself!

Prerequisites

For this tutorial, you'll need:

A cloud VM or local machine running Ubuntu 22.04.2 LTS
Root or sudo access
Basic understanding of Linux command-line operations
Bash scripting knowledge (helpful but not mandatory)

Container Architecture Diagram

Here's a simple diagram description you can use (convert to an image using any drawing tool):

┌─────────────────────────────────────────────────────────────────┐
│                          Host System                            │
│                                                                 │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                   Container Namespace                     │  │
│  │                                                           │  │
│  │  ┌─────────────────────────────────────────────────────┐  │  │
│  │  │              Chroot Environment                     │  │  │
│  │  │                                                     │  │  │
│  │  │  ┌────────────┐    ┌──────────────────────────┐     │  │  │
│  │  │  │ Non-root   │    │ Python Web Application   │     │  │  │
│  │  │  │   User     │    │      (Port 8000)         │     │  │  │
│  │  │  └────────────┘    └──────────────────────────┘     │  │  │
│  │  │                                                     │  │  │
│  │  │              Resource Limits (Cgroups)              │  │  │
│  │  │         Memory: 256MB, CPU Weight: 50               │  │  │
│  │  └─────────────────────────────────────────────────────┘  │  │
│  │                                                           │  │
│  │  Network: veth1-new (192.168.200.2)                       │  │
│  └───────────────────────────────────────────────────────────┘  │
│                                                                 │
│  Network: veth0-new (192.168.200.1)                             │
│                                                                 │
│  Port Forwarding: 80 → 192.168.200.2:8000 # note internal IP    │                 │                                                                 │
└─────────────────────────────────────────────────────────────────┘
         │
         │ Internet
         ▼
    Public Access
   (Your VM Public IP)

Tutorial Roadmap

1) Environment Setup

Preparing your Linux system
Installing necessary tools and dependencies

2) Root Filesystem Creation

Building a minimal filesystem for your container
Configuring basic system components

3) Resource Limitation with Cgroups

Understanding control groups
Setting CPU, memory, and I/O constraints

4) Sample Application Deployment

Creating a demo application
Verifying container configuration

5) Container Initialization

Launching your isolated application environment
Networking and namespace configuration

Step 1: Environment Setup

First, let's prepare our system with the necessary tools:

# Update system packages
sudo apt update
sudo apt upgrade -y

# Install required tools
sudo apt install -y util-linux debootstrap iptables iproute2 cgroup-tools net-tools curl

Step 2: Root Filesystem Creation

Create a minimal root filesystem for our container:

Distribution Choice: We're using Ubuntu 20.04 LTS (focal) for its stability and long-term support. While not the absolute latest, it provides a balance between up-to-date packages and system reliability. For the most recent LTS, consider using jammy (Ubuntu 22.04) in the debootstrap command.

# Create project directory
mkdir -p ~/container-forge/rootfs

# Create minimal Ubuntu filesystem
sudo debootstrap --variant=minbase focal ~/container-forge/rootfs

# Create necessary directories
sudo mkdir -p ~/container-forge/rootfs/{proc,sys,dev,tmp,run,home,opt}

# Set hostname
echo "containerforge" | sudo tee ~/container-forge/rootfs/etc/hostname

# Install basic packages
sudo chroot ~/container-forge/rootfs apt update
sudo chroot ~/container-forge/rootfs apt install -y python3 net-tools iputils-ping iproute2 curl

# Create non-root user
sudo chroot ~/container-forge/rootfs useradd -m container_user

Step 3: Resource Limitation with Cgroups

Set up resource limits using cgroups:

Note on Cgroup Versions: Linux has two major cgroup versions - v1 and v2. While v2 is the newer standard, some distributions still use v1 or provide mixed support. Before running these commands, check your system's cgroup version using mount | grep cgroup to ensure compatibility.

# Create cgroup directory
sudo mkdir -p /sys/fs/cgroup/containerforge

# Set memory limit (256MB)
echo "268435456" | sudo tee /sys/fs/cgroup/containerforge/memory.max

# Set CPU weight (50 out of 100)
echo "50" | sudo tee /sys/fs/cgroup/containerforge/cpu.weight

# Enable controllers
echo "+memory +cpu" | sudo tee /sys/fs/cgroup/containerforge/cgroup.subtree_control

Step 4: Sample Application Deployment

Create a simple Python web application:

# Create application directory
sudo mkdir -p ~/container-forge/rootfs/opt/python-app

# Create Python web application
cat << EOF | sudo tee ~/container-forge/rootfs/opt/python-app/app.py
#!/usr/bin/env python3
from http.server import HTTPServer, BaseHTTPRequestHandler

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write(b'Hello World this is Muad from Python app!')

httpd = HTTPServer(('0.0.0.0', 8000), SimpleHTTPRequestHandler)
print("Server started at http://0.0.0.0:8000")
httpd.serve_forever()
EOF

# Make the application executable
sudo chmod +x ~/container-forge/rootfs/opt/python-app/app.py

Step 5: Container Initialization

Set up networking and launch the container:

NB: the ROOTFS path (/home/ubuntu/container-forge/rootfs) ADD your specific username.

NB: # Ensure port 80 is open (if using a cloud VM) sudo ufw allow 80/tcp # For Ubuntu's firewall

# Create network namespace
sudo ip netns add container-net-new

# Create virtual ethernet pair
sudo ip link add veth0-new type veth peer name veth1-new

# Move veth1-new to container namespace
sudo ip link set veth1-new netns container-net-new

# Configure host end
sudo ip addr add 192.168.200.1/24 dev veth0-new
sudo ip link set veth0-new up

# Configure container end
sudo ip netns exec container-net-new ip addr add 192.168.200.2/24 dev veth1-new
sudo ip netns exec container-net-new ip link set veth1-new up
sudo ip netns exec container-net-new ip link set lo up

# Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# Set up NAT for outbound connections
sudo iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j MASQUERADE

# Add default route in container
sudo ip netns exec container-net-new ip route add default via 192.168.200.1

# Run the containerized application
ROOTFS="/home/gradific/container-forge/rootfs"
sudo ip netns exec container-net-new \
  sudo chroot $ROOTFS su - container_user -c "cd /opt/python-app && python3 app.py"

Deployment and Monitoring

To make your container accessible from the internet:

# Stop Nginx if it's running
sudo systemctl kill nginx

# Set up port forwarding
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.200.2:8000
sudo iptables -A FORWARD -p tcp -d 192.168.200.2 --dport 8000 -j ACCEPT

Now your application is accessible at:

http://<your-public-ip>

Results

Environment Setup

Root Filesystem Creation

Screenshot of the filesystem structure: ls -la ~/container-forge/rootfs:

Resource Limits

Screenshot of cgroup setup: cat /sys/fs/cgroup/containerforge/memory.max:

Screenshot of CPU limits: cat /sys/fs/cgroup/containerforge/cpu.weight:

Network Configuration

Screenshot of network namespace: ip netns list:

Screenshot of container interfaces: sudo ip netns exec container-net-new ip addr:

Screenshot of host interfaces: ip addr | grep veth0-new:

Container Running

Screenshot of Python server running:

Screenshot of accessing via curl: curl http://192.168.200.2:8000:

Public Access

Browser screenshot showing the page:

Cleanup Script

Cleanup Note: After completing this exercise, use the provided cleanup script to remove container resources and restore your system to its original state:

To create and use the cleanup script:

Create the script:

nano ~/container-cleanup.sh

Then add the script text below:

#!/bin/bash

# Clean up network namespace
sudo ip netns delete container-net-new

# Remove iptables rules
sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.200.2:8000
sudo iptables -D FORWARD -p tcp -d 192.168.200.2 --dport 8000 -j ACCEPT
sudo iptables -t nat -D POSTROUTING -s 192.168.200.0/24 -j MASQUERADE

# Remove cgroup
sudo rmdir /sys/fs/cgroup/containerforge

Save the file:

Press Ctrl + X
Press Y
Press Enter

Make the script executable:

chmod +x ~/container-cleanup.sh

Run the script

~/container-cleanup.sh

Challenges and Learnings

Let's be real – containerization isn't always smooth sailing. I'll share my personal challenges, including:

Managing cgroup inconsistencies

Cgroup Configuration:

Different Linux distributions use different cgroup versions

Namespace configuration hurdles

Network Isolation:

Setting up proper network namespaces and routing

Common denied access in container creation

Filesystem Permissions:

Ensuring proper access rights in the chroot environment

Troubleshooting techniques

Resource Limits:

Verifying that cgroup limits were actually being enforced

Security Considerations

When manually creating containers be mindful of:

Limiting root access within the container
Implementing strict network isolation
Regularly updating base system packages
Using non-root users for application execution
Configuring minimal necessary permissions

Pro Tip: Always treat containers as potential attack surfaces and apply the principle of least privilege.

Pro Tips

🚀 Automation is Key

While we didn't use scripts in this tutorial, creating automation scripts can:

Reduce manual configuration errors
Speed up environment setup
Allow quick iteration and testing
Provide reproducible deployment processes

Have you played with Linux containerization? What would you have done different? Share your experiences, challenges, and solutions in the comments! Let's learn and grow together.

Conclusion

Sometimes getting your hands used to the manual setup work helps you gain a deeper understanding of your favorite Linux environment. I'm glad I tackled this exercise and learned how containers work from the ground up.

Stay curious not anxious!!!!!! AND keep experimenting and never stop learning! 🦦

Build Your Own Lightweight Containers Without Docker

Muad — Fri, 28 Mar 2025 05:28:32 +0000

Introduction: Application Isolation

Why Self-Containerization Matters

This is where self-containerization using Linux namespaces and control groups (cgroups) comes in, offering several distinct advantages:

Complete Resource Control: Precisely limit CPU, memory, network, and disk usage for each application
Minimal Overhead: Run containers with virtually no performance penalty
Deep System Understanding: Learn how containers actually work under the hood
Flexibility: Create custom isolation environments tailored to your exact requirements
Learning Opportunity: Gain insights into Linux internals and system-level programming, I mean why not? just challenge yourself!

Prerequisites

For this tutorial, you'll need:

A cloud VM or local machine running Ubuntu 22.04.2 LTS
Root or sudo access
Basic understanding of Linux command-line operations
Bash scripting knowledge (helpful but not mandatory)

Container Architecture Diagram

Here's a simple diagram description you can use (convert to an image using any drawing tool):

┌─────────────────────────────────────────────────────────────────┐
│                          Host System                            │
│                                                                 │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                   Container Namespace                     │  │
│  │                                                           │  │
│  │  ┌─────────────────────────────────────────────────────┐  │  │
│  │  │              Chroot Environment                     │  │  │
│  │  │                                                     │  │  │
│  │  │  ┌────────────┐    ┌──────────────────────────┐     │  │  │
│  │  │  │ Non-root   │    │ Python Web Application   │     │  │  │
│  │  │  │   User     │    │      (Port 8000)         │     │  │  │
│  │  │  └────────────┘    └──────────────────────────┘     │  │  │
│  │  │                                                     │  │  │
│  │  │              Resource Limits (Cgroups)              │  │  │
│  │  │         Memory: 256MB, CPU Weight: 50               │  │  │
│  │  └─────────────────────────────────────────────────────┘  │  │
│  │                                                           │  │
│  │  Network: veth1-new (192.168.200.2)                       │  │
│  └───────────────────────────────────────────────────────────┘  │
│                                                                 │
│  Network: veth0-new (192.168.200.1)                             │
│                                                                 │
│  Port Forwarding: 80 → 192.168.200.2:8000 # note internal IP    │                 │                                                                 │
└─────────────────────────────────────────────────────────────────┘
         │
         │ Internet
         ▼
    Public Access
   (Your VM Public IP)

Tutorial Roadmap

1) Environment Setup

Preparing your Linux system
Installing necessary tools and dependencies

2) Root Filesystem Creation

Building a minimal filesystem for your container
Configuring basic system components

3) Resource Limitation with Cgroups

Understanding control groups
Setting CPU, memory, and I/O constraints

4) Sample Application Deployment

Creating a demo application
Verifying container configuration

5) Container Initialization

Launching your isolated application environment
Networking and namespace configuration

Step 1: Environment Setup

First, let's prepare our system with the necessary tools:

# Update system packages
sudo apt update
sudo apt upgrade -y

# Install required tools
sudo apt install -y util-linux debootstrap iptables iproute2 cgroup-tools net-tools curl

Step 2: Root Filesystem Creation

Create a minimal root filesystem for our container:

# Create project directory
mkdir -p ~/container-forge/rootfs

# Create minimal Ubuntu filesystem
sudo debootstrap --variant=minbase focal ~/container-forge/rootfs

# Create necessary directories
sudo mkdir -p ~/container-forge/rootfs/{proc,sys,dev,tmp,run,home,opt}

# Set hostname
echo "containerforge" | sudo tee ~/container-forge/rootfs/etc/hostname

# Install basic packages
sudo chroot ~/container-forge/rootfs apt update
sudo chroot ~/container-forge/rootfs apt install -y python3 net-tools iputils-ping iproute2 curl

# Create non-root user
sudo chroot ~/container-forge/rootfs useradd -m container_user

Step 3: Resource Limitation with Cgroups

Set up resource limits using cgroups:

# Create cgroup directory
sudo mkdir -p /sys/fs/cgroup/containerforge

# Set memory limit (256MB)
echo "268435456" | sudo tee /sys/fs/cgroup/containerforge/memory.max

# Set CPU weight (50 out of 100)
echo "50" | sudo tee /sys/fs/cgroup/containerforge/cpu.weight

# Enable controllers
echo "+memory +cpu" | sudo tee /sys/fs/cgroup/containerforge/cgroup.subtree_control

Step 4: Sample Application Deployment

Create a simple Python web application:

# Create application directory
sudo mkdir -p ~/container-forge/rootfs/opt/python-app

# Create Python web application
cat << EOF | sudo tee ~/container-forge/rootfs/opt/python-app/app.py
#!/usr/bin/env python3
from http.server import HTTPServer, BaseHTTPRequestHandler

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write(b'Hello World this is Muad from Python app!')

httpd = HTTPServer(('0.0.0.0', 8000), SimpleHTTPRequestHandler)
print("Server started at http://0.0.0.0:8000")
httpd.serve_forever()
EOF

# Make the application executable
sudo chmod +x ~/container-forge/rootfs/opt/python-app/app.py

Step 5: Container Initialization

Set up networking and launch the container:

NB: the ROOTFS path (/home/ubuntu/container-forge/rootfs) ADD your specific username.

NB: # Ensure port 80 is open (if using a cloud VM) sudo ufw allow 80/tcp # For Ubuntu's firewall

# Create network namespace
sudo ip netns add container-net-new

# Create virtual ethernet pair
sudo ip link add veth0-new type veth peer name veth1-new

# Move veth1-new to container namespace
sudo ip link set veth1-new netns container-net-new

# Configure host end
sudo ip addr add 192.168.200.1/24 dev veth0-new
sudo ip link set veth0-new up

# Configure container end
sudo ip netns exec container-net-new ip addr add 192.168.200.2/24 dev veth1-new
sudo ip netns exec container-net-new ip link set veth1-new up
sudo ip netns exec container-net-new ip link set lo up

# Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# Set up NAT for outbound connections
sudo iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j MASQUERADE

# Add default route in container
sudo ip netns exec container-net-new ip route add default via 192.168.200.1

# Run the containerized application
ROOTFS="/home/gradific/container-forge/rootfs"
sudo ip netns exec container-net-new \
  sudo chroot $ROOTFS su - container_user -c "cd /opt/python-app && python3 app.py"

Deployment and Monitoring

To make your container accessible from the internet:

# Stop Nginx if it's running
sudo systemctl kill nginx

# Set up port forwarding
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.200.2:8000
sudo iptables -A FORWARD -p tcp -d 192.168.200.2 --dport 8000 -j ACCEPT

Now your application is accessible at:

http://<your-public-ip>

Results

Environment Setup

Root Filesystem Creation

Screenshot of the filesystem structure: ls -la ~/container-forge/rootfs:

Resource Limits

Screenshot of cgroup setup: cat /sys/fs/cgroup/containerforge/memory.max:

Screenshot of CPU limits: cat /sys/fs/cgroup/containerforge/cpu.weight:

Network Configuration

Screenshot of network namespace: ip netns list:

Screenshot of container interfaces: sudo ip netns exec container-net-new ip addr:

Screenshot of host interfaces: ip addr | grep veth0-new:

Container Running

Screenshot of Python server running:

Screenshot of accessing via curl: curl http://192.168.200.2:8000:

Public Access

Browser screenshot showing the page:

Cleanup Script

Cleanup Note: After completing this exercise, use the provided cleanup script to remove container resources and restore your system to its original state:

To create and use the cleanup script:

Create the script:

nano ~/container-cleanup.sh

Then add the script text below:

#!/bin/bash

# Clean up network namespace
sudo ip netns delete container-net-new

# Remove iptables rules
sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.200.2:8000
sudo iptables -D FORWARD -p tcp -d 192.168.200.2 --dport 8000 -j ACCEPT
sudo iptables -t nat -D POSTROUTING -s 192.168.200.0/24 -j MASQUERADE

# Remove cgroup
sudo rmdir /sys/fs/cgroup/containerforge

Save the file:

Press Ctrl + X
Press Y
Press Enter

Make the script executable:

chmod +x ~/container-cleanup.sh

Run the script

~/container-cleanup.sh

Challenges and Learnings

Let's be real – containerization isn't always smooth sailing. I'll share my personal challenges, including:

Managing cgroup inconsistencies

Cgroup Configuration:

Different Linux distributions use different cgroup versions

Namespace configuration hurdles

Network Isolation:

Setting up proper network namespaces and routing

Common denied access in container creation

Filesystem Permissions:

Ensuring proper access rights in the chroot environment

Troubleshooting techniques

Resource Limits:

Verifying that cgroup limits were actually being enforced

Security Considerations

When manually creating containers be mindful of:

Limiting root access within the container
Implementing strict network isolation
Regularly updating base system packages
Using non-root users for application execution
Configuring minimal necessary permissions

Pro Tip: Always treat containers as potential attack surfaces and apply the principle of least privilege.

Pro Tips

🚀 Automation is Key

While we didn't use scripts in this tutorial, creating automation scripts can:

Reduce manual configuration errors
Speed up environment setup
Allow quick iteration and testing
Provide reproducible deployment processes

Have you played with Linux containerization? What would you have done different? Share your experiences, challenges, and solutions in the comments! Let's learn and grow together.

Conclusion

Stay curious not anxious!!!!!! AND keep experimenting and never stop learning! 🦦

Build Your Own Lightweight Containers Without Docker

Muad — Fri, 28 Mar 2025 05:28:32 +0000

Introduction: Application Isolation

Why Self-Containerization Matters

This is where self-containerization using Linux namespaces and control groups (cgroups) comes in, offering several distinct advantages:

Complete Resource Control: Precisely limit CPU, memory, network, and disk usage for each application
Minimal Overhead: Run containers with virtually no performance penalty
Deep System Understanding: Learn how containers actually work under the hood
Flexibility: Create custom isolation environments tailored to your exact requirements
Learning Opportunity: Gain insights into Linux internals and system-level programming, I mean why not? just challenge yourself!

Prerequisites

For this tutorial, you'll need:

A cloud VM or local machine running Ubuntu 22.04.2 LTS
Root or sudo access
Basic understanding of Linux command-line operations
Bash scripting knowledge (helpful but not mandatory)

Container Architecture Diagram

Here's a simple diagram description you can use (convert to an image using any drawing tool):

┌─────────────────────────────────────────────────────────────────┐
│                          Host System                            │
│                                                                 │
│  ┌───────────────────────────────────────────────────────────┐  │
│  │                   Container Namespace                     │  │
│  │                                                           │  │
│  │  ┌─────────────────────────────────────────────────────┐  │  │
│  │  │              Chroot Environment                     │  │  │
│  │  │                                                     │  │  │
│  │  │  ┌────────────┐    ┌──────────────────────────┐     │  │  │
│  │  │  │ Non-root   │    │ Python Web Application   │     │  │  │
│  │  │  │   User     │    │      (Port 8000)         │     │  │  │
│  │  │  └────────────┘    └──────────────────────────┘     │  │  │
│  │  │                                                     │  │  │
│  │  │              Resource Limits (Cgroups)              │  │  │
│  │  │         Memory: 256MB, CPU Weight: 50               │  │  │
│  │  └─────────────────────────────────────────────────────┘  │  │
│  │                                                           │  │
│  │  Network: veth1-new (192.168.200.2)                       │  │
│  └───────────────────────────────────────────────────────────┘  │
│                                                                 │
│  Network: veth0-new (192.168.200.1)                             │
│                                                                 │
│  Port Forwarding: 80 → 192.168.200.2:8000 # note internal IP    │                 │                                                                 │
└─────────────────────────────────────────────────────────────────┘
         │
         │ Internet
         ▼
    Public Access
   (Your VM Public IP)

Tutorial Roadmap

1) Environment Setup

Preparing your Linux system
Installing necessary tools and dependencies

2) Root Filesystem Creation

Building a minimal filesystem for your container
Configuring basic system components

3) Resource Limitation with Cgroups

Understanding control groups
Setting CPU, memory, and I/O constraints

4) Sample Application Deployment

Creating a demo application
Verifying container configuration

5) Container Initialization

Launching your isolated application environment
Networking and namespace configuration

Step 1: Environment Setup

First, let's prepare our system with the necessary tools:

# Update system packages
sudo apt update
sudo apt upgrade -y

# Install required tools
sudo apt install -y util-linux debootstrap iptables iproute2 cgroup-tools net-tools curl

Step 2: Root Filesystem Creation

Create a minimal root filesystem for our container:

# Create project directory
mkdir -p ~/container-forge/rootfs

# Create minimal Ubuntu filesystem
sudo debootstrap --variant=minbase focal ~/container-forge/rootfs

# Create necessary directories
sudo mkdir -p ~/container-forge/rootfs/{proc,sys,dev,tmp,run,home,opt}

# Set hostname
echo "containerforge" | sudo tee ~/container-forge/rootfs/etc/hostname

# Install basic packages
sudo chroot ~/container-forge/rootfs apt update
sudo chroot ~/container-forge/rootfs apt install -y python3 net-tools iputils-ping iproute2 curl

# Create non-root user
sudo chroot ~/container-forge/rootfs useradd -m container_user

Step 3: Resource Limitation with Cgroups

Set up resource limits using cgroups:

# Create cgroup directory
sudo mkdir -p /sys/fs/cgroup/containerforge

# Set memory limit (256MB)
echo "268435456" | sudo tee /sys/fs/cgroup/containerforge/memory.max

# Set CPU weight (50 out of 100)
echo "50" | sudo tee /sys/fs/cgroup/containerforge/cpu.weight

# Enable controllers
echo "+memory +cpu" | sudo tee /sys/fs/cgroup/containerforge/cgroup.subtree_control

Step 4: Sample Application Deployment

Create a simple Python web application:

# Create application directory
sudo mkdir -p ~/container-forge/rootfs/opt/python-app

# Create Python web application
cat << EOF | sudo tee ~/container-forge/rootfs/opt/python-app/app.py
#!/usr/bin/env python3
from http.server import HTTPServer, BaseHTTPRequestHandler

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write(b'Hello World this is Muad from Python app!')

httpd = HTTPServer(('0.0.0.0', 8000), SimpleHTTPRequestHandler)
print("Server started at http://0.0.0.0:8000")
httpd.serve_forever()
EOF

# Make the application executable
sudo chmod +x ~/container-forge/rootfs/opt/python-app/app.py

Step 5: Container Initialization

Set up networking and launch the container:

NB: the ROOTFS path (/home/ubuntu/container-forge/rootfs) ADD your specific username.

NB: # Ensure port 80 is open (if using a cloud VM) sudo ufw allow 80/tcp # For Ubuntu's firewall

# Create network namespace
sudo ip netns add container-net-new

# Create virtual ethernet pair
sudo ip link add veth0-new type veth peer name veth1-new

# Move veth1-new to container namespace
sudo ip link set veth1-new netns container-net-new

# Configure host end
sudo ip addr add 192.168.200.1/24 dev veth0-new
sudo ip link set veth0-new up

# Configure container end
sudo ip netns exec container-net-new ip addr add 192.168.200.2/24 dev veth1-new
sudo ip netns exec container-net-new ip link set veth1-new up
sudo ip netns exec container-net-new ip link set lo up

# Enable IP forwarding
sudo sysctl -w net.ipv4.ip_forward=1

# Set up NAT for outbound connections
sudo iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -j MASQUERADE

# Add default route in container
sudo ip netns exec container-net-new ip route add default via 192.168.200.1

# Run the containerized application
ROOTFS="/home/gradific/container-forge/rootfs"
sudo ip netns exec container-net-new \
  sudo chroot $ROOTFS su - container_user -c "cd /opt/python-app && python3 app.py"

Deployment and Monitoring

To make your container accessible from the internet:

# Stop Nginx if it's running
sudo systemctl kill nginx

# Set up port forwarding
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.200.2:8000
sudo iptables -A FORWARD -p tcp -d 192.168.200.2 --dport 8000 -j ACCEPT

Now your application is accessible at:

http://<your-public-ip>

Results

Environment Setup

Root Filesystem Creation

Screenshot of the filesystem structure: ls -la ~/container-forge/rootfs:

Resource Limits

Screenshot of cgroup setup: cat /sys/fs/cgroup/containerforge/memory.max:

Screenshot of CPU limits: cat /sys/fs/cgroup/containerforge/cpu.weight:

Network Configuration

Screenshot of network namespace: ip netns list:

Screenshot of container interfaces: sudo ip netns exec container-net-new ip addr:

Screenshot of host interfaces: ip addr | grep veth0-new:

Container Running

Screenshot of Python server running:

Screenshot of accessing via curl: curl http://192.168.200.2:8000:

Public Access

Browser screenshot showing the page:

Cleanup Script

Cleanup Note: After completing this exercise, use the provided cleanup script to remove container resources and restore your system to its original state:

To create and use the cleanup script:

Create the script:

nano ~/container-cleanup.sh

Then add the script text below:

#!/bin/bash

# Clean up network namespace
sudo ip netns delete container-net-new

# Remove iptables rules
sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.200.2:8000
sudo iptables -D FORWARD -p tcp -d 192.168.200.2 --dport 8000 -j ACCEPT
sudo iptables -t nat -D POSTROUTING -s 192.168.200.0/24 -j MASQUERADE

# Remove cgroup
sudo rmdir /sys/fs/cgroup/containerforge

Save the file:

Press Ctrl + X
Press Y
Press Enter

Make the script executable:

chmod +x ~/container-cleanup.sh

Run the script

~/container-cleanup.sh

Challenges and Learnings

Let's be real – containerization isn't always smooth sailing. I'll share my personal challenges, including:

Managing cgroup inconsistencies

Cgroup Configuration:

Different Linux distributions use different cgroup versions

Namespace configuration hurdles

Network Isolation:

Setting up proper network namespaces and routing

Common denied access in container creation

Filesystem Permissions:

Ensuring proper access rights in the chroot environment

Troubleshooting techniques

Resource Limits:

Verifying that cgroup limits were actually being enforced

Security Considerations

When manually creating containers be mindful of:

Limiting root access within the container
Implementing strict network isolation
Regularly updating base system packages
Using non-root users for application execution
Configuring minimal necessary permissions

Pro Tip: Always treat containers as potential attack surfaces and apply the principle of least privilege.

Pro Tips

🚀 Automation is Key

While we didn't use scripts in this tutorial, creating automation scripts can:

Reduce manual configuration errors
Speed up environment setup
Allow quick iteration and testing
Provide reproducible deployment processes

Have you played with Linux containerization? What would you have done different? Share your experiences, challenges, and solutions in the comments! Let's learn and grow together.

Conclusion

Stay curious not anxious!!!!!! AND keep experimenting and never stop learning! 🦦

Deploying First Nginx Web Page

Muad — Fri, 31 Jan 2025 22:39:04 +0000

Task Introduction:

How to successfully deployed a public Nginx web page by setting up a domain, configuring DNS records, launching an EC2 instance, and hosting a custom HTML page.

Steps Taken:

Created a web domain on HostAfrica.com.
Added the domain and subdomain (xyz.domainName.com) in Route 53.
Launched an EC2 instance (free tier) and connected via Session Manager.
Updated packages: sudo apt update.
Installed Nginx: sudo apt install nginx.
Started and enabled Nginx:
sudo systemctl start nginx sudo systemctl enable nginx
Edited /var/www/html/index.html with a custom HTML page:

<!DOCTYPE html>
<html>
<head>
    <title>Welcome</title>
</head>
<body>
    <h1>Welcome to this page</h1>
</body>
</html>

Created an A record in Route 53 for the subdomain xyz.domainName.com pointing to the EC2 public IP.

Result:

The Nginx web page is now live and accessible publicly at http://xyz.domainName.com. Let’s move to Stage 1!

Challenges Faced and How I Overcame Them

The main challenge was the cost of purchasing a domain and using AWS Route 53, which I managed by leveraging the AWS Free Tier for EC2 and optimizing resource usage to keep expenses low.

How This Task Contributes to My Learning and Professional Goals

This task helped me refresh my domain configuration skills, gain hands-on experience with AWS services like EC2 and Route 53, and move closer to my goal of becoming a proficient cloud engineer.

References

I used the guide at https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04 to install Nginx,

For those interested in learning more, check out

https://hng.tech/hire/devops-engineers and https://hng.tech/hire/cloud-engineers.

Automate Manage Users and Groups with a Bash Script

Muad — Wed, 03 Jul 2024 23:23:47 +0000

Okay, we are here to transform your SysOps workflow with a simple Bash script that automates user and group management effortlessly.

This blog post is part of a series aimed at preserving knowledge for my future self-study guide by creating more projects of this nature, helping me connect with like-minded techies. Join me as we explore how to automate user and group management seamlessly with a Bash script.

Let's get started!

Follow these prerequisites and you're good to go executing your bash script

- Linux Environment:

Choose a Linux environment that suits your needs. For this blog, I'm using Kali OS version 2022.4 (Debian-based).

- Install Visual Studio Code (Optional):

You can execute the script in the terminal using editors like Vim, Vi, or Nano.

- Create Necessary Directories:

Ensure the directories required by the script are available:

sudo mkdir -p /var/secure/

- Set Permissions:

Set appropriate permissions for the directories and files:

sudo touch /var/log/user_management.log
sudo touch /var/secure/user_passwords.csv
sudo chmod 600 /var/secure/user_passwords.csv

- Install Required Utilities:

Make sure all necessary utilities are installed. These are usually pre-installed but you can always check them again:

sudo apt-get update
sudo apt-get install passwd coreutils openssl

- Prepare your Bash File:

Shebang

#!/bin/bash

Specifies the code runs in the Bash shell.

Specify your script to run as root

if [ "$EUID" -ne 0 ]; then
  echo "This script must be run as root"
  exit 1
fi

It will alert an error message if you don't run the script as root.

Function to log actions with a timestamp

log_action() {
  echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

Logs each record with a timestamp to the log file. The tee -a command appends the message to the log file and also displays it on the terminal.

Function to create a user and assign groups

create_user() {
  local username="$1"
  local groups="$2"

When calling the create_user function with two arguments, the first argument will be stored in the username variable ($1) and the second argument will be stored in the groups variable ($2).

Trim whitespace

  username=$(echo "$username" | xargs)
  groups=$(echo "$groups" | xargs)

Trims any leading or trailing whitespace from the username and groups variables using the xargs command.

Check if user already exists

  if id "$username" &>/dev/null; then
    log_action "User $username already exists. (No action taken)"
    return
  fi

This code checks if the user specified by username exists and if so logs a message and exits the function without taking any further action.

Create group for the user if it doesn't exist

  if ! getent group "$username" &>/dev/null; then
    groupadd "$username"
    log_action "Group $username created."
  fi

It creates a new user group if the group is missing.

Create user with a home directory and add to group

  useradd -m -g "$username" -s /bin/bash "$username"
  log_action "User $username created with directory and group $username."

It creates a new user with a home directory and adds the user to the specified group.

Generate a random password for the new user

  password=$(openssl rand -base64 12)
  echo "$username:$password" | chpasswd
  log_action "Password for $username."

This code generates a random password for the new user, sets it and logs the action.

Securely store the password

  echo "$username,$password" | tee -a "$PASSWORD_FILE"

Combines the values stored in $username and $password into a single string separated by a comma, appends this string to the file specified by $PASSWORD_FILE and prints it on the terminal as well.

Add user to additional groups if specified

  if [ -n "$groups" ]; then
    IFS=',' read -r -a group_array <<< "$groups"
    for group in "${group_array[@]}"; do
      group=$(echo "$group" | xargs)
      if ! getent group "$group" &>/dev/null; then
        groupadd "$group"
        log_action "Group $group created."
      fi
      usermod -aG "$group" "$username"
      log_action "User $username added to group $group."
    done
  fi
}

Check if the input file is provided or the manual flag is used

if [ -z "$1" ]; then
  echo "Usage: $0 <textfile.txt> or $0 --manual"
  exit 1
fi

Define log action and password storage

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

Ensure the directories and log file exist

mkdir -p /var/secure/
touch "$LOG_FILE"
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

Debugging output

echo "DEBUG: LOG_FILE=$LOG_FILE"
echo "DEBUG: PASSWORD_FILE=$PASSWORD_FILE"
if [ "$1" == "--manual" ]; then
  echo "Enter the username:"
  read username
  echo "Enter the groups (use comma separation for more than ONE group (e.g., dev,devops)):"
  read groups
  create_user "$username" "$groups"
else
  INPUT_FILE=$1
  while IFS=';' read -r username groups; do
    create_user "$username" "$groups"
  done < "$INPUT_FILE"
fi
log_action "User creation successful."
echo "User creation successful"

- Reads a text file of employee usernames and group names formatted as `user;groups` per line:

Create a text file containing the usernames and groups in the format user;groups. Each line should represent a user and their associated groups.

Include a plain text file called 'textfile.txt' and add this data:

username1;a,admin
username2;dev
username3;devops,admin

- Script Execution:

Make the script executable then run it. Navigate to the directory where your 'create_users.sh' file is saved and then execute the command:

chmod +x create_users.sh

Here we have two methods to run the bash script:

OPTION 1 - sudo ./create_users.sh textfile.txt

OPTION 2 - sudo ./create_users.sh --manual

- Results in command line:

When using the command sudo ./create_users.sh textfile.txt here is the result:

When using the command sudo ./create_users.sh --manual here is the result:

- Testing existing created user:

Rejected input when an existing user was found in the logs.

Start your journey to becoming a world-class developer today!

Automate Manage Users and Groups with a Bash Script

Muad — Wed, 03 Jul 2024 23:23:47 +0000

Okay, we are here to transform your SysOps workflow with a simple Bash script that automates user and group management effortlessly.

This blog post is part of a series aimed to preserving kowledge for my future self study guide by creating more project of this nature helping me connect with like minded techies. Join me as we explore how to automate user and group management seamlesssly with a Bash script.

Let's get started!

Follow these prerequisites and you're good to go executing your bash script

- Linux Environment:

Choose a Linux environment that suits your needs. For this blog, I'm using Kali OS version 2022.4 (Debian-based).

- Install Visual Studio Code (Optional, you can execute the script in terminal using editors like Vim, Vi, or Nano)

- Create Necessary Directories:

Ensure the directories required by the script are available.
sudo mkdir -p /var/secure/

- Set Permissions:

Set appropriate permissions for the directories and files.
sudo touch /var/log/user_management.log
sudo touch /var/secure/user_passwords.csv
sudo chmod 600 /var/secure/user_passwords.csv

- Install Required Utilities:

Make sure all necessary utilities are installed. These are usually pre-installed, but you can always check them again.
sudo apt-get update
sudo apt-get install passwd coreutils openssl

- Prepare your Bash File:

Shebang

#!/bin/bash
Specifies the code runs in Bash shell

Specify your script to run in root

if [ "$EUID" -ne 0 ]; then echo "This script must be run as root" exit 1 fi
It will alert an error message if you don't use script the code in root

Function to log actions timestamp

log_action() { echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE" }
Logs each record with a timestamp to the log file. The tee -a command appends the message to the log file and also displays it on the terminal.

Function to create a user and assign groups create_user() { local username="$1" local groups="$2" When calling create_user function with two arguments, the first argument will be stored in the username variable which also represents the ('$1') as first argument and the second argument will be stored in the groups variable ('$1').
Trim whitespace
username=$(echo "$username" | xargs) groups=$(echo "$groups" | xargs)
Trims any leading or trailing whitespace from the username and groups variables while using the xargs command.
Checks against logs if user already exist in the logs (file)
if id "$username" &>/dev/null; then log_action "User $username already exists. (No action taken)" return fi
This code checks if the user specified by username exists, and if so, logs a message and exits the function without taking any further action.
Create group for the user if it doesn't exist
if ! getent group "$username" &>/dev/null; then groupadd "$username" log_action "Group $username created." fi
It simply creates new user group if group is missing.
Create user with home directory and add group
useradd -m -g "$username" -s /bin/bash "$username" log_action "User $username created with directory and group $username."
It simply creates new user.
Generate a rand passwrd for new user
password=$(openssl rand -base64 12) echo "$username:$password" | chpasswd log_action "Password for $username."
This code generates a random password for the new user, sets it, and logs the action.
Securly store passwrd
echo "$username,$password" | tee -a "$PASSWORD_FILE"
the values stored in the $username and $password combines them into a single string separated by a comma, and then appends this string to the file specified by $PASSWORD_FILE and it prints on the terminal as well.
Add user to additional groups if specified
if [ -n "$groups" ]; then IFS=',' read -r -a group_array <<< "$groups" for group in "${group_array[@]}"; do group=$(echo "$group" | xargs) if ! getent group "$group" &>/dev/null; then groupadd "$group" log_action "Group $group created." fi usermod -aG "$group" "$username" log_action "User $username added to group $group." done fi }
Check if the input file is provided or manual flag is used

if [ -z "$1" ]; then echo "Usage: $0 <textfile.txt> or $0 --manual" exit 1 fi

Define log action and password stroage
LOG_FILE="/var/log/user_management.log" PASSWORD_FILE="/var/secure/user_passwords.csv"
Ensure the directories and log file exist
mkdir -p /var/secure/ touch "$LOG_FILE" touch "$PASSWORD_FILE" chmod 600 "$PASSWORD_FILE"
Debugging output
echo "DEBUG: LOG_FILE=$LOG_FILE" echo "DEBUG: PASSWORD_FILE=$PASSWORD_FILE" if [ "$1" == "--manual" ]; then echo "Enter the username:" read username echo "Enter the groups ( use comma seperation for more than ONE group (e.g: dev,devops)):" read groups create_user "$username" "$groups" else INPUT_FILE=$1 while IFS=';' read -r username groups; do create_user "$username" "$groups" done < "$INPUT_FILE" fi
log_action "User creation successful." echo "User creation successful"

- Reads a text file of employee usernames and group names, formatted as user;groups per line:

Create a text file containing the usernames and groups in the format user;groups. Each line should represent a user and their associated groups.

Include a plain text file called 'textfile.txt' and add this data:

username1;a,admin username2;dev username3;devops,admin

- Script Execution:

Script executable command then run it. Your 'create_users.sh' file head to the directory your file is saved and then execute the command.

chmod +x create_users.sh

Here we have two method to run the bash script

OPTION 1 - SUDO ./create_users.sh textfile.txt
OPTION 2 - SUDO ./create_users.sh --manual

- Results in command line

-When using command sudo ./create_users.sh textfile.txt here is the result.

When using command sudo ./create_users.sh --manual here is the result.

- Testing exisitng created User

Rejected input when exisitng user was found in the logs.