The latest articles on DEV Community by Vivienne Dotsey (@vivienne). https://dev.to/vivienne https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1720546%2F45dd84b3-62b5-4af0-925f-1d0ad151eed2.png https://dev.to/vivienne en Vivienne Dotsey Wed, 03 Jul 2024 23:42:35 +0000 https://dev.to/vivienne/automate-user-and-group-management-with-bash-a-comprehensive-guide-3h5d https://dev.to/vivienne/automate-user-and-group-management-with-bash-a-comprehensive-guide-3h5d <h3> Introduction </h3> <p>Managing user accounts and groups is a crucial task for SysOps engineers, especially in an environment with many new developers. This article introduces a Bash script designed to automate these tasks, ensuring efficiency, consistency, and security. The script reads from a text file, creates users and groups as specified, sets up home directories, generates random passwords, logs actions, and stores passwords securely.</p> <h3> Why Automate User and Group Management? </h3> <p>Automation in user management offers several advantages:</p> <ul> <li> <strong>Efficiency:</strong> Reduces the time spent on repetitive tasks.</li> <li> <strong>Consistency:</strong> Ensures uniformity in user setup across the organization.</li> <li> <strong>Security:</strong> Automatically generates secure passwords and sets appropriate permissions.</li> <li> <strong>Auditability:</strong> Maintains a detailed log of actions for accountability.</li> </ul> <h3> The Bash Script: create_users.sh </h3> <p>Here's a step-by-step breakdown of the script:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Check if the input file exists</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Error: Input file not found."</span> <span class="nb">exit </span>1 <span class="k">fi</span> <span class="c"># Define log and password file locations</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.csv"</span> <span class="c"># Initialize log file if it doesn't exist</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="nb">sudo chmod </span>600 <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Initialize password file if it doesn't exist</span> <span class="k">if</span> <span class="o">[</span> <span class="o">!</span> <span class="nt">-f</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sudo mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">sudo touch</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chown </span>root:root <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="nb">sudo chmod </span>600 <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># Redirect stdout and stderr to the log file</span> <span class="nb">exec</span> <span class="o">&gt;</span> <span class="o">&gt;(</span><span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$LOG_FILE</span><span class="s2">"</span><span class="o">)</span> 2&gt;&amp;1 <span class="c"># Function to check if a user exists</span> user_exists<span class="o">()</span> <span class="o">{</span> <span class="nb">id</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> &amp;&gt;/dev/null <span class="o">}</span> <span class="c"># Read each line from the input file</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span><span class="p">;</span> <span class="k">do</span> <span class="c"># Trim whitespace</span> <span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> | <span class="nb">tr</span> <span class="nt">-d</span> <span class="s1">'[:space:]'</span><span class="si">)</span> <span class="c"># Check if the user already exists</span> <span class="k">if </span>user_exists <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> already exists."</span> <span class="k">continue fi</span> <span class="c"># Create user</span> <span class="nb">sudo </span>useradd <span class="nt">-m</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Create personal group (same as username)</span> <span class="nb">sudo </span>groupadd <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Add user to personal group</span> <span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Create home directory</span> <span class="nb">sudo mkdir</span> <span class="nt">-p</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">sudo chown</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$username</span><span class="s2">"</span> <span class="s2">"/home/</span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Generate random password</span> <span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="c"># Set password for user</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo </span>chpasswd <span class="c"># Log actions</span> <span class="nb">echo</span> <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> created. Password: </span><span class="nv">$password</span><span class="s2">"</span> <span class="c"># Store passwords securely</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> | <span class="nb">sudo tee</span> <span class="nt">-a</span> <span class="s2">"</span><span class="nv">$PASSWORD_FILE</span><span class="s2">"</span> <span class="c"># Add user to specified groups</span> <span class="k">if</span> <span class="o">[</span> <span class="nt">-n</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_list <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_list</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nb">sudo </span>usermod <span class="nt">-aG</span> <span class="s2">"</span><span class="nv">$group</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"Added </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">"</span> <span class="k">done fi done</span> &lt; <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> </code></pre> </div> <h3> How to Use the Script </h3> <ol> <li> <strong>Prepare the Input File:</strong> Create a text file where each line follows the format <code>user;groups</code>, with usernames separated from their groups by a semicolon and groups separated by commas.</li> </ol> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> light; sudo,dev,www-data idimma; sudo mayowa; dev,www-data </code></pre> </div> <ol> <li> <strong>Run the Script:</strong> Execute the script with the input file as an argument: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> bash create_users.sh &lt;name-of-text-file&gt; </code></pre> </div> <ol> <li> <strong>Verify the Output:</strong> <ul> <li> <strong>Log File:</strong> Check <code>/var/log/user_management.log</code> for a detailed log of actions performed.</li> <li> <strong>Password File:</strong> Passwords are securely stored in <code>/var/secure/user_passwords.csv</code>.</li> </ul> </li> </ol> <h3> Benefits of the Script </h3> <ul> <li> <strong>Automation:</strong> Saves time and reduces human error by automating user creation.</li> <li> <strong>Security:</strong> Generates secure passwords and sets appropriate permissions.</li> <li> <strong>Logging:</strong> Provides a detailed log for auditing and troubleshooting.</li> </ul> <h3> Learn More with HNG Internship </h3> <p>Interested in enhancing your skills and working on real-world projects? Check out the <a href="https://hng.tech/internship">HNG Internship</a> program to learn from industry experts and gain valuable experience. You can also explore opportunities to <a href="https://hng.tech/hire">hire top talent</a> from the HNG community.</p> <h3> Conclusion </h3> <p>Automating user management with a Bash script can significantly improve the efficiency and security of your IT operations. This script provides a robust solution for managing user accounts, ensuring a consistent and secure setup for new developers. By leveraging automation, you can focus on more strategic tasks, confident that new developers are onboarded efficiently and securely.</p> <p>For the complete script and further details, visit the <a href="https://github.com/your-repo/create_users">GitHub repository</a>.</p> <p>Feel free to leave comments or questions below, and happy automating!</p>