DEV Community: Thelma Ocansey The latest articles on DEV Community by Thelma Ocansey (@thelma_ocansey). https://dev.to/thelma_ocansey https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1726428%2F626ea83d-90d4-4bd8-bc35-605a8fd4b8f4.png DEV Community: Thelma Ocansey https://dev.to/thelma_ocansey en Automating User and Group Management with a Bash Script. Thelma Ocansey Wed, 03 Jul 2024 23:37:38 +0000 https://dev.to/thelma_ocansey/automating-user-and-group-management-with-a-bash-script-2b64 https://dev.to/thelma_ocansey/automating-user-and-group-management-with-a-bash-script-2b64 <p>As a SysOps engineer, one of your responsibilities is to streamline and automate the process of user management. With the recent influx of new developers at our company, managing user accounts and their group memberships efficiently is crucial. In this article, I’ll walk you through a Bash script that automates the creation of users, assigns them to groups, and sets up their home directories with proper permissions. Additionally, the script logs all actions and securely stores the generated passwords.</p> <p>This task is part of the HNG Internship, a fantastic program that helps interns gain real-world experience. You can learn more about the program at the <a href="https://hng.tech/internship">HNG Internship website</a> or consider hiring some of their talented interns through the <a href="https://hng.tech/hire">HNG Hire page</a>.</p> <p>The source code can be found on my <a href="https://github.com/nthelma30/Create_User.sh.git">https://github.com/nthelma30/Create_User.sh.git</a></p> <h3> The Task </h3> <p>We need to create a Bash script called <code>create_users.sh</code> that:</p> <ol> <li>Reads a text file with usernames and groups.</li> <li>Creates users and groups as specified.</li> <li>Sets up home directories with appropriate permissions.</li> <li>Generates random passwords for the users.</li> <li>Logs all actions to <code>/var/log/user_management.log</code>.</li> <li>Stores the generated passwords securely in <code>/var/secure/user_passwords.csv</code>.</li> </ol> <h3> Input File Format </h3> <p>The input file should contain lines formatted as <code>user;groups</code>, where <code>user</code> is the username, and <code>groups</code> is a comma-separated list of group names. For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>light; sudo,dev,www-data idimma; sudo mayowa; dev,www-data </code></pre> </div> <h3> The Script </h3> <p>Here is the <code>create_users.sh</code> script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Check if the input file exists</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: Input file not found."</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Ensure log and secure directories are initialized once</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.csv"</span> <span class="c"># Initialize log file</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="nb">sudo chmod </span>600 <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Initialize password file</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chmod </span>600 <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Redirect stdout and stderr to the log file</span> <span class="nb">exec</span> <span class="o">&gt;</span> <span class="o">&gt;(</span><span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span><span class="o">)</span> 2&gt;&amp;1 <span class="c"># Function to check if user exists</span> user_exists<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> &amp;&gt;/dev/null <span class="o">}</span> <span class="c"># Function to check if a group exists</span> group_exists<span class="o">()</span> <span class="o">{</span> getent group <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1 <span class="o">}</span> <span class="c"># Function to check if a user is in a group</span> user_in_group<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="nt">-nG</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> | <span class="nb">grep</span> <span class="nt">-qw</span> <span class="s2">"</span><span class="nv">$2</span><span class="s2">"</span> <span class="o">}</span> <span class="c"># Read each line from the input file</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span><span class="p">;</span> <span class="k">do</span> <span class="c"># Trim whitespace</span> <span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="c"># Check if the user already exists</span> <span class="k">if </span>user_exists <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> already exists."</span> <span class="k">else</span> <span class="c"># Create user</span> <span class="nb">sudo </span>useradd <span class="nt">-m</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Generate random password</span> <span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="c"># Set password for user</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo </span>chpasswd <span class="c"># Log actions</span> <span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> created. Password: </span><span class="nv">$password</span><span class="s2">"</span> <span class="c"># Store passwords securely</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Ensure the user's home directory and personal group exist</span> <span class="nb">sudo mkdir</span> <span class="nt">-p</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">sudo chown</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Ensure the user's personal group exists</span> <span class="k">if</span> <span class="o">!</span> group_exists <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="k">fi </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Split the groups string into an array</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_array <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="c"># Check each group</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_array</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do if</span> <span class="o">[[</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then if </span>group_exists <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> exists."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Group </span><span class="nv">$group</span><span class="s2"> does not exist. Creating group </span><span class="nv">$group</span><span class="s2">."</span> <span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="k">fi if </span>user_in_group <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> is already in group </span><span class="nv">$group</span><span class="s2">."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"Adding user </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">."</span> <span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="k">fi fi done done</span> &lt; <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> </code></pre> </div> <h3> Explanation </h3> <ol> <li> <strong>Input Validation</strong>: The script starts by checking if the input file exists. If not, it exits with an error message.</li> <li> <strong>Log and Password Files</strong>: It ensures that the log file (<code>/var/log/user_management.log</code>) and the password file (<code>/var/secure/user_passwords.csv</code>) are created with appropriate permissions.</li> <li> <strong>Functions</strong>: <ul> <li> <code>user_exists()</code>: Checks if a user already exists.</li> <li> <code>group_exists()</code>: Checks if a group already exists.</li> <li> <code>user_in_group()</code>: Checks if a user is a member of a group.</li> </ul> </li> <li> <strong>Processing the Input File</strong>: The script reads each line from the input file, trims whitespace, and processes the usernames and groups.</li> <li> <strong>User Creation</strong>: It creates the user if they do not already exist, generates a random password using <code>openssl rand -base64 12</code>, and sets the password.</li> <li> <strong>Home Directory and Personal Group</strong>: It ensures the user's home directory and personal group (named the same as the username) exist and sets the appropriate permissions.</li> <li> <strong>Group Membership</strong>: It processes each group, creating it if it doesn’t exist, and adds the user to the group.</li> </ol> <h3> Conclusion </h3> <p>This script provides an efficient way to manage user accounts and their group memberships, ensuring that all actions are logged and passwords are stored securely. By automating these tasks, SysOps engineers can save time and reduce the risk of errors.</p> <p>For more information about the HNG Internship and its benefits, visit the <a href="https://hng.tech/internship">HNG Internship website</a> or consider hiring from their pool of talented interns through the <a href="https://hng.tech/hire">HNG Hire page</a>.</p> <p>--<br> This article can be adapted to your specific requirements or company guidelines.</p> <p>Written by Thelma Ocansey</p>