DEV Community: ORIRE BANKOLE The latest articles on DEV Community by ORIRE BANKOLE (@orire). https://dev.to/orire https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1736314%2F922c8936-6ec5-4660-9798-d2ef4043e026.jpg DEV Community: ORIRE BANKOLE https://dev.to/orire en Test--Linux User Creation Bash Script ORIRE BANKOLE Fri, 05 Jul 2024 20:24:35 +0000 https://dev.to/orire/test-linux-user-creation-bash-script-13mj https://dev.to/orire/test-linux-user-creation-bash-script-13mj <p><strong>Using Bash Scripts to Automate User Management in Linux</strong></p> <p>In environments with multiple users and complex access requirements, managing user accounts on a Linux system can be a time-consuming task. Scripting automation improves security, preserves uniformity across user configurations, and streamlines this procedure. This article will examine a Bash script that can be used to automate tasks related to user management on a Linux system, with a focus on the script's features, organization, and advantages.</p> <h3> Overview of the Script </h3> <p>The script (<code>create_users.sh</code>) is designed to automate several key aspects of user management:</p> <ol> <li> <strong>Initialization and Setup</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Define the log and password file path</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.txt"</span> <span class="c"># Ensure necessary directories exist and set permissions</span> <span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/log /var/secure <span class="nb">sudo touch</span> <span class="nv">$LOG_FILE</span> <span class="nv">$PASSWORD_FILE</span> <span class="nb">sudo chmod </span>600 <span class="nv">$LOG_FILE</span> <span class="nv">$PASSWORD_FILE</span> </code></pre> </div> <ul> <li> <strong>Purpose</strong>: Initializes paths for logging user management activities (<code>LOG_FILE</code>) and storing generated passwords (<code>PASSWORD_FILE</code>).</li> <li> <strong>Setup</strong>: Creates required directories (<code>/var/log</code> and <code>/var/secure</code>) if they do not exist and sets strict permissions to protect sensitive information.</li> </ul> <ol> <li> <strong>Input File Validation</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check if the input file is provided</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: Please provide a text file containing user data as an argument."</span> <span class="nb">exit </span>1 <span class="k">fi</span> </code></pre> </div> <ul> <li> <strong>Purpose</strong>: Ensures the script is executed with an input file (<code>user.txt</code>) containing user data.</li> <li> <strong>Error Handling</strong>: Exits gracefully if no input file is provided, preventing execution without necessary data.</li> </ul> <ol> <li> <strong>User and Group Management</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Read the input file line by line</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span> <span class="nb">read</span> <span class="nt">-r</span> line<span class="p">;</span> <span class="k">do</span> <span class="c"># Skip empty lines</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="nv">$line</span><span class="s2">"</span> <span class="o">]</span> <span class="o">&amp;&amp;</span> <span class="k">continue</span> <span class="c"># Extract username and groups</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span> <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$line</span><span class="s2">"</span> <span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$username</span> | xargs<span class="si">)</span> <span class="c"># Trim whitespace</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$groups</span> | xargs<span class="si">)</span> <span class="c"># Trim whitespace</span> <span class="c"># Create user's personal group if not exists</span> <span class="k">if</span> <span class="o">!</span> getent group <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="o">&gt;</span> /dev/null<span class="p">;</span> <span class="k">then </span><span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">: Created group </span><span class="nv">$username</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> <span class="k">fi</span> <span class="c"># Create user if not exists</span> <span class="k">if</span> <span class="o">!</span> <span class="nb">id</span> <span class="nt">-u</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span><span class="nb">sudo </span>useradd <span class="nt">-m</span> <span class="nt">-g</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">: Created user </span><span class="nv">$username</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> <span class="k">fi</span> <span class="c"># Add user to specified groups</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_array <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_array</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nv">group</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$group</span> | xargs<span class="si">)</span> <span class="c"># Trim whitespace</span> <span class="k">if</span> <span class="o">!</span> getent group <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="o">&gt;</span> /dev/null<span class="p">;</span> <span class="k">then </span><span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">: Created group </span><span class="nv">$group</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> <span class="k">fi </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">: Added </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> <span class="k">done done</span> &lt; <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> </code></pre> </div> <ul> <li> <strong>Purpose</strong>: Iterates through each line of the input file (<code>user.txt</code>), extracts usernames and group memberships, creates users and groups if they do not exist, and assigns users to specified groups.</li> <li> <strong>Flexibility</strong>: Supports multiple group memberships per user, ensuring adaptable user management.</li> </ul> <ol> <li> <strong>Password Management</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Generate random password</span> <span class="nv">password</span><span class="o">=</span><span class="si">$(</span>/usr/bin/openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$PASSWORD_FILE</span> <span class="c"># Set user's password</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo </span>chpasswd <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">: Set password for </span><span class="nv">$username</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> </code></pre> </div> <ul> <li> <strong>Purpose</strong>: Generates a random password securely using OpenSSL, logs it along with the username in <code>PASSWORD_FILE</code>, and sets the password using <code>chpasswd</code>.</li> <li> <strong>Security</strong>: Ensures passwords are randomly generated and securely stored, minimizing vulnerabilities.</li> </ul> <ol> <li> <strong>Permissions and Logging</strong> </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Set permissions and ownership for home directory</span> <span class="nb">sudo chown</span> <span class="nt">-R</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">sudo chmod </span>700 <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2">: Set permissions for /home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> </code></pre> </div> <ul> <li> <strong>Purpose</strong>: Sets appropriate permissions (<code>chmod</code>) and ownership (<code>chown</code>) for each user’s home directory to maintain security and privacy.</li> <li> <strong>Logging</strong>: Records all actions (user creation, group management, password setting) in <code>$LOG_FILE</code>, providing an audit trail for administrators.</li> </ul> <h3> Conclusion </h3> <p>Linux environments can benefit greatly from the efficiency, consistency, and security that come with automating user management tasks with scripts such as `create_users.sh}. Automating repetitive tasks allows system administrators to concentrate on more strategic aspects of system management and guarantee that security best practices are followed.</p> <p>Platforms such as <a href="https://hng.tech/internship" rel="noopener noreferrer">HNG Tech</a> provide opportunities for people who are interested in learning more about automation and system administration to work on real-world projects and challenges, improving their skills in Linux administration and other areas.</p> <p><strong>Learn more about HNG Internship:</strong></p> <ul> <li><a href="https://hng.tech/internship" rel="noopener noreferrer">HNG Internship Overview</a></li> <li><a href="https://hng.tech/premium" rel="noopener noreferrer">HNG Premium</a></li> </ul> <p>System administrators can enhance workflows, increase operational effectiveness, and contribute to a more secure computing environment by utilizing automation tools effectively.</p> <p>This article gives administrators the fundamental knowledge they need to comprehend and apply automated user management in Linux, enabling them to improve system security and expedite operations.</p>