User account creation using BASH

Uduakobong-Udombat — Wed, 03 Jul 2024 19:12:22 +0000

As a SysOps engineer, managing user accounts and groups efficiently is crucial for maintaining system security and access control. In this article, we’ll explore how to create a Bash script called create_users.sh that reads input from a text file, creates users and groups, sets up home directories, generates random passwords, logs actions, and securely stores passwords.

Prerequisites
Before we dive into the script, make sure you have the following:

A Linux system (e.g., Ubuntu, CentOS) with Bash installed.
Basic knowledge of Bash scripting.
The create_users.sh Script

#!/bin/bash
# automating user account creation

# Input file (usernames and groups)
input_file="$1"

# Log file
log_file="/var/log/user_management.log"

# Secure password storage file
password_file="/var/secure/user_passwords.txt"

# create secure directory

sudo mkdir -p /var/secure

# Function to generate a random password
generate_password() {

    # using 'openssl rand -base64 12’ to generate a 12-character password
    openssl rand -base64 12
}

# Read input file line by line
while IFS=';' read -r username groups; do
    # Create groups if they don't exist
    for group in $(echo "$groups" | tr ',' ' '); do
      groupadd "$group" 2>/dev/null || echo "Group $group already exists"
    done

    # Create user
    useradd -m "$username" -G "$groups" 2>/dev/null || echo "User $username already exists"

    # Set password
    password=$(generate_password)
    echo "$username:$password" | chpasswd

    # Log actions
    echo "$(date '+%Y-%m-%d %H:%M:%S') - Created user $username with groups: $groups" >> "$log_file"

    # Store password securely
    echo "$username:$password" >> "$password_file"
done < "$input_file"

Explanation:

Input File ($input_file): The script expects an input file containing lines with the format username; groups. Each user can belong to multiple groups (comma-separated).
Directory Creation: This is needed to make the location defined above available. If this is not available the code will still run but the passwords will not be logged as required. This step has to be done with elevated privileges, hence sudo.
Group Creation:
The script reads the input file and creates groups (if they don’t exist) using groupadd. Existing groups are skipped, and a message is logged.
User Creation:
Users are created using useradd with the specified groups. Existing users are skipped, and a message is logged.
Password Generation:
The generate_password function generates random passwords (customize as needed). Passwords are set using chpasswd.
Logging:
Actions (user creation, group creation) are logged with timestamps in $log_file.
Secure Password Storage:
Usernames and passwords are stored securely in $password_file.

- Usage

Make the script executable: chmod +x create_users.sh
Run the script with the input file: ./create_users.sh input.txt

This was a stage 1 DevOps Task at HNG. You can check for available roles at HNG here

This entire code is available at https://github.com/Uduakobong-Udombat/user_account_automation_with_bash

DEV Community: Uduakobong-Udombat

User account creation using BASH

Explanation: