DEV Community: wanjiru murira

Linux User Creation Bash Script

wanjiru murira — Wed, 03 Jul 2024 14:19:04 +0000

The purpose of this script is to read a text file containing an employee’s usernames and group names, where each line is formatted as user;groups.The script should create users and groups as specified, set up home directories with appropriate permissions and ownership and generate random passwords for the users.

The first line in this script is called a shebang which tells the OS which interpreter to use and in this case, the script will be interpreted and executed using Bash shell.

#!/bin/bash

Some instances within the script require elevated permissions. To ensure that they are no errors when the script is executed, it is best to ensure that one is a root user when executing the script.

ROOT_UID=0     
if [ "$UID" -ne "$ROOT_UID" ]; then
    echo"***** You must be the root user to run this script!*****"
    exit
fi

Key Functions
1. create_directories()

We need to first create two directories, /var/log/user_management.log and /var/secure/user_passwords.csv.The /var/log/user_management.log will be used to log all events that will be happening in our script and can be reviewed for troubleshooting.The /var/secure/user_passwords.csv will be used to store the created usernames and their passwords.This file is highly sensitive and should only be accessible to the owner.To achieve this, the permissions will be set to 700 on this file. chmod is used to set the appropriate permissions and chown is used to set ownership of the file.

log_dir="/var/log"
log_file="$log_dir/user_management.log"

secure_dir="/var/secure"
password_file="$secure_dir/user_passwords.csv"

# Function to create directories if they don't exist and assigning the necessary permission
create_directories() {
    # Create log directory if it doesn't exist
    if [ ! -d "$log_dir" ]; then
        sudo mkdir -p "$log_dir"
        sudo chmod 755 "$log_dir"
        sudo chown root:root "$log_dir"
    fi

    # Create secure directory if it doesn't exist
    if [ ! -d "$secure_dir" ]; then
        sudo mkdir -p "$secure_dir"
        sudo chmod 700 "$secure_dir"
        sudo chown root:root "$secure_dir"
    fi
}

2. log()
The log() function records script activities with timestamps (date) in /var/log/user_management.log directory.

log() {
    local timestamp=$(date +"%Y-%m-%d %H:%M:%S")
    echo "$timestamp $1" >> "$log_file"
}

3. generate_password()
Before we can write a function to create a user, we first need to generate a random password for the newly created users.

generate_password() {
    # Set the desired length of the password
    local password_length=12 
    # Generate the password
    local password="$(openssl rand -base64 12 | tr -d '/+' | head -c $password_length)"  
    # Output the generated password
    echo "$password"  
}

File Handling
The process_user_file() ensures the file exists and is readable before proceeding to create users and manage groups accordingly

 process_user_file() {
    local filename="$1"
    # Check if the file exists and is readable
    if [ ! -f "$filename" ]; then
        echo "****Error: File '$filename' not found or is not readable.****"
    log  "Error: File '$filename' not found or is not readable."
        return 1
    fi

If the file is valid, a while loop will be used which will read the lines in the files and splits each line into username and groups , and then calls the function create_user with username and groups as arguments.

 while IFS=';' read -r username groups; do
        if [[ ! -z "$username" && ! -z "$groups" ]]; then
            create_user "$username" "$groups"
        else
            echo "****Invalid format in line: '$username;$groups'****" 
            log "Invalid format in line: '$username;$groups'"
        fi
    done < "$filename"

User Management
Using the variables provided by the process_user_file function, we can create a user and generate a random password for them using generate_password function.
This command creates a user with a home directory /home/$"username.

sudo useradd -m -p "$(openssl passwd -6 "$password")" "$username"
# Making the user the owner of the directory
sudo chown "$username:$username" "/home/$username"

By default when a user is created in most linux distribution, a group with the same name as the users username is created this group is usually the primary group of the user.However, to be on the safe side we can check if the group already exists and if not, we can create the group and add the user to the group then make the group the primary group of the user.

if ! grep -q "^$username:" /etc/group; then
           sudo groupadd "$username"
            #Adding the user to the group which is the primary group
            sudo usermod -aG group_name "$username"
            #change the primary group of a user
            sudo usermod -g "$username" "$username"
        fi

In this last segment, we are going to add the users to the specified groups.
The variable groups is stored in an array known as group_list where we user the for function to iterate over each element in the group_list.

# Function to add users to specified groups
add_to_groups() {
    local username="$1"
    local groups="$2"
    IFS=',' read -ra group_list <<< "$groups"
    for group in "${group_list[@]}"; do
        if grep -q "^$group:" /etc/group; then
            sudo usermod -aG "$group" "$username"
            log "User '$username' added to group '$group' successfully."
            echo "****User '$username' added to group '$group' successfully.****"
        else
            log "Group '$group' does not exist. Skipping addition of user '$username'."
            echo "****Group '$group' does not exist. Skipping addition of user '$username'.****"
        fi
    done
}

To make the script excutable, you need to use the chmod command in combination with the +x option

chmod +x path/directory/script.sh

To execute the script, run:

./path/directory/script.sh text_file

You can view the full script at Github.

This script was a task which was to be completed during my HNG internship. For those interested in practical learning and real-life scenarios, check out the HNG internship program. It's a great opportunity to gain hands-on experience! To maximize your internship experience, consider upgrading to their premium package at HNG Premium.

The Cloud Resume Challenge

wanjiru murira — Tue, 24 Oct 2023 12:50:41 +0000

The Cloud Resume Challenge by Forrest Brazeal is for anyone who wants to get hand-on practice on the cloud.One of the key motivations behind taking up this challenge was my desire to gain hands-on experience with AWS cloud technologies. While I had a theoretical understanding of most AWS services, I knew that real-world experience was invaluable.

This challenge involves hosting a static website in an S3 bucket via Amazon CloudFront distribution. The static website is then connected to a Lambda function through AWS API Gateway. Whenever a user accesses the static website hosted on S3, the Lambda function is triggered, and it writes the count of website visits to a DynamoDB table. This project aims to track and record user visits to the website for analytics and monitoring purposes.You can view the challenge here. The source code to this challenge can be found on git.

I've documented how I went about the challange and some of the issues I faced below.

FRONT-END PART OF WEBSITE

Hosting the website on the s3 bucket was probably the easiest part of this challenge. I did spend quite some time in designing the layout of the website as Frontend is not my strong suite.I tried so many layouts and this was taking longer than expected. I finally decided to settle with Tomas Hrubovcak design, which was one of the cleanest and minimal layouts I have seen so far of The Cloud Resume Challenge.

I did have to learn about Amazon CloudFront cache invalidation since I didn’t understand why any updates I made on my s3 bucket didn’t reflect immediately. This was happening because CloudFront was still serving the content it had cached in the edge locations which takes some time before it expires. Invalidation allows you to force CloudFront to refresh its cache and retrieve the latest version of your content from your origin server. Read more about invalidation here.

As you will make a few changes to the content of your s3 bucket, I decided to put into practice CI/CD (Continuous Integration / Continuous Deployment) to manage any changes to my code.They are several tools you can use for this such as Jenkins, GitHub Actions etc.

BACK-END PART OF WEBSITE

The backend part on the website took the longest to complete but I thoroughly enjoyed this. While at the start I provisioned all my resources manually which greatly helped me understand AWS services better, I did eventually opt to use Terraform as the IaC. I deliberately choose to use Terraform instead of AWS CloudFormation because it’s one of the most preferred IaC tool by developers and I wanted to familiarize myself with it.

The backend part of this website includes an API Gateway, DynamoDB Table and Lambda Function.
The lambda function is used to increase the count of the number of users who have visited the website and then updates this count in a DynamoDB table. You need to attach a IAM role to the Lambda function, which allows it to write to the DynamoDB table.

The Lambda function is triggered by a RESTful APIs to execute the code.
The code below is just a snipset of the code I used to deploy my lambda function using terraform.

However, whenever I tried to run the API Gateway, I kept on getting various errors.Some of the errors I got were CORS errors and how to go about an API with lambda proxy integration enabled.

For the CORS errors, I enabled CORS on my API Gateway and also added the correct headers to my lambda function.
It took some time for me to realize that when provisioning an API Gateway using terraform, lambda proxy integration is enabled automatically. This means that API gateway doesn’t transform the incoming request. The lambda function should send the response and status code in the correct format as shown below (which was the reason I kept on getting errors since my previous lambda response format was different)

Once I was able to navigate the above errors, my website was up and running.