Technical Article: Automating Linux User Creation with Bash Script

Managing users and groups on a Linux system can be a complex and time-consuming task, especially in environments with frequent changes. Automation can significantly simplify this process, ensuring consistency and saving valuable time. In this article, we will walk through the implementation of a Bash script that automates the creation of users and groups, sets up home directories, generates secure random passwords, and logs all actions for auditing purposes.

Script Overview

The Bash script create_users.sh reads a list of usernames and groups from a text file, creates the specified users and groups, sets up home directories with appropriate permissions, generates random passwords for the users, and logs all actions. The script also securely stores the generated passwords in a dedicated file.

Script Breakdown

Here is the complete create_users.sh script, followed by a detailed explanation of each section:

#!/bin/bash

# Ensure the script is run with root privileges
if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
fi

# Log file path
LOG_FILE="/var/log/user_management.log"
# Password storage file path
PASSWORD_FILE="/var/secure/user_passwords.csv"

# Create secure directory for passwords if it doesn't exist
mkdir -p /var/secure
chmod 700 /var/secure

# Function to create groups
create_groups() {
  local groups="$1"
  IFS=',' read -r -a group_array <<< "$groups"
  for group in "${group_array[@]}"; do
    group=$(echo "$group" | xargs) # Remove leading/trailing whitespace
    if [ ! -z "$group" ]; then
      if ! getent group "$group" > /dev/null; then
        groupadd "$group"
        echo "Group '$group' created." | tee -a "$LOG_FILE"
      fi
    fi
  done
}

# Function to create user and group
create_user() {
  local username="$1"
  local groups="$2"

  # Create user group if it doesn't exist
  if ! getent group "$username" > /dev/null; then
    groupadd "$username"
    echo "Group '$username' created." | tee -a "$LOG_FILE"
  fi

  # Create the additional groups
  create_groups "$groups"

  # Create user with personal group and home directory if user doesn't exist
  if ! id "$username" > /dev/null 2>&1; then
    useradd -m -g "$username" -G "$groups" "$username"
    echo "User '$username' created with groups '$groups'." | tee -a "$LOG_FILE"

    # Set home directory permissions
    chmod 700 "/home/$username"
    chown "$username:$username" "/home/$username"

    # Generate random password
    password=$(openssl rand -base64 12)
    echo "$username:$password" | chpasswd
    echo "$username,$password" >> "$PASSWORD_FILE"
  else
    echo "User '$username' already exists." | tee -a "$LOG_FILE"
  fi
}

# Read the input file
input_file="$1"
if [ -z "$input_file" ]; then
  echo "Usage: $0 <name-of-text-file>"
  exit 1
fi

# Ensure the input file exists
if [ ! -f "$input_file" ]; then
  echo "File '$input_file' not found!"
  exit 1
fi

# Process each line of the input file
while IFS=';' read -r user groups; do
  user=$(echo "$user" | xargs) # Remove leading/trailing whitespace
  groups=$(echo "$groups" | xargs) # Remove leading/trailing whitespace
  if [ ! -z "$user" ]; then
    create_user "$user" "$groups"
  fi
done < "$input_file"

# Set permissions for password file
chmod 600 "$PASSWORD_FILE"
echo "User creation process completed." | tee -a "$LOG_FILE"

Detailed Explanation

Ensuring Root Privileges

The script starts by checking if it is being run with root privileges, as creating users and modifying system files require administrative rights.

if [ "$EUID" -ne 0 ]; then
  echo "Please run as root"
  exit 1
fi

Setting Up Log and Password Files

The script defines paths for the log file and the password storage file. It then creates a secure directory for storing passwords and ensures it has the correct permissions.

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"
mkdir -p /var/secure
chmod 700 /var/secure

Function to Create Groups

The create_groups function takes a comma-separated list of groups and creates each group if it does not already exist. It also logs the creation of each group.

create_groups() {
  local groups="$1"
  IFS=',' read -r -a group_array <<< "$groups"
  for group in "${group_array[@]}"; do
    group=$(echo "$group" | xargs)
    if [ ! -z "$group" ]; then
      if ! getent group "$group" > /dev/null; then
        groupadd "$group"
        echo "Group '$group' created." | tee -a "$LOG_FILE"
      fi
    fi
  done
}

Function to Create Users and Groups

The create_user function handles the creation of the user and their primary group, as well as any additional groups. It sets up the user's home directory, assigns appropriate permissions, and generates a random password for the user.

create_user() {
  local username="$1"
  local groups="$2"

  if ! getent group "$username" > /dev/null; then
    groupadd "$username"
    echo "Group '$username' created." | tee -a "$LOG_FILE"
  fi

  create_groups "$groups"

  if ! id "$username" > /dev/null 2>&1; then
    useradd -m -g "$username" -G "$groups" "$username"
    echo "User '$username' created with groups '$groups'." | tee -a "$LOG_FILE"

    chmod 700 "/home/$username"
    chown "$username:$username" "/home/$username"

    password=$(openssl rand -base64 12)
    echo "$username:$password" | chpasswd
    echo "$username,$password" >> "$PASSWORD_FILE"
  else
    echo "User '$username' already exists." | tee -a "$LOG_FILE"
  fi
}

Processing the Input File

The script reads the input file provided as a command-line argument. Each line of the file is expected to contain a username and a list of groups separated by a semicolon. The script processes each line, removing any leading or trailing whitespace, and calls the create_user function.

input_file="$1"
if [ -z "$input_file" ]; then
  echo "Usage: $0 <name-of-text-file>"
  exit 1
fi

if [ ! -f "$input_file" ]; then
  echo "File '$input_file' not found!"
  exit 1
fi

while IFS=';' read -r user groups; do
  user=$(echo "$user" | xargs)
  groups=$(echo "$groups" | xargs)
  if [ ! -z "$user" ]; then
    create_user "$user" "$groups"
  fi
done < "$input_file"

Finalizing Permissions

Finally, the script ensures that the password file has the correct permissions, making it readable only by the root user.

chmod 600 "$PASSWORD_FILE"
echo "User creation process completed." | tee -a "$LOG_FILE"

Running the Script

To run the create_users.sh script, follow these steps:

1. Create the Input File: Prepare a text file with usernames and groups. Each line should contain a username followed by a semicolon and a comma-separated list of groups. For example:

   john;admins,developers
   jane;users,admins

1. Make the Script Executable: Ensure the script has executable permissions.

   chmod +x create_users.sh

1. Run the Script with Root Privileges: Execute the script, passing the path to the input file as an argument.

   sudo ./create_users.sh /path/to/input_file.txt

Viewing Logs and Passwords

• Log File: The script logs all actions to /var/log/user_management.log. You can view this log file using a text editor or command like cat, less, or tail.

  less /var/log/user_management.log

• Password File: Generated passwords are stored in /var/secure/user_passwords.csv. This file is readable only by the root user. View it with:

  sudo less /var/secure/user_passwords.csv

Conclusion

This script provides a robust solution for automating user and group management on a Linux system. It ensures that all actions are logged for auditing purposes and that generated passwords are stored securely. By following the steps outlined in this article, you can customize and extend the script to meet your specific needs, improving efficiency and consistency in user management tasks
click here to view the gitHub repository.

If you're curious about the HNG Internship, check out their website. And if you're looking to hire talented developers, head over to HNG Hire.