Managing users and groups on a Linux system can be a complex and time-consuming task, especially in environments with frequent changes. Automation can significantly simplify this process, ensuring consistency and saving valuable time. In this article, we will walk through the implementation of a Bash script that automates the creation of users and groups, sets up home directories, generates secure random passwords, and logs all actions for auditing purposes.
Script Overview
The Bash script create_users.sh
reads a list of usernames and groups from a text file, creates the specified users and groups, sets up home directories with appropriate permissions, generates random passwords for the users, and logs all actions. The script also securely stores the generated passwords in a dedicated file.
Script Breakdown
Here is the complete create_users.sh
script, followed by a detailed explanation of each section:
#!/bin/bash
# Ensure the script is run with root privileges
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
# Log file path
LOG_FILE="/var/log/user_management.log"
# Password storage file path
PASSWORD_FILE="/var/secure/user_passwords.csv"
# Create secure directory for passwords if it doesn't exist
mkdir -p /var/secure
chmod 700 /var/secure
# Function to create groups
create_groups() {
local groups="$1"
IFS=',' read -r -a group_array <<< "$groups"
for group in "${group_array[@]}"; do
group=$(echo "$group" | xargs) # Remove leading/trailing whitespace
if [ ! -z "$group" ]; then
if ! getent group "$group" > /dev/null; then
groupadd "$group"
echo "Group '$group' created." | tee -a "$LOG_FILE"
fi
fi
done
}
# Function to create user and group
create_user() {
local username="$1"
local groups="$2"
# Create user group if it doesn't exist
if ! getent group "$username" > /dev/null; then
groupadd "$username"
echo "Group '$username' created." | tee -a "$LOG_FILE"
fi
# Create the additional groups
create_groups "$groups"
# Create user with personal group and home directory if user doesn't exist
if ! id "$username" > /dev/null 2>&1; then
useradd -m -g "$username" -G "$groups" "$username"
echo "User '$username' created with groups '$groups'." | tee -a "$LOG_FILE"
# Set home directory permissions
chmod 700 "/home/$username"
chown "$username:$username" "/home/$username"
# Generate random password
password=$(openssl rand -base64 12)
echo "$username:$password" | chpasswd
echo "$username,$password" >> "$PASSWORD_FILE"
else
echo "User '$username' already exists." | tee -a "$LOG_FILE"
fi
}
# Read the input file
input_file="$1"
if [ -z "$input_file" ]; then
echo "Usage: $0 <name-of-text-file>"
exit 1
fi
# Ensure the input file exists
if [ ! -f "$input_file" ]; then
echo "File '$input_file' not found!"
exit 1
fi
# Process each line of the input file
while IFS=';' read -r user groups; do
user=$(echo "$user" | xargs) # Remove leading/trailing whitespace
groups=$(echo "$groups" | xargs) # Remove leading/trailing whitespace
if [ ! -z "$user" ]; then
create_user "$user" "$groups"
fi
done < "$input_file"
# Set permissions for password file
chmod 600 "$PASSWORD_FILE"
echo "User creation process completed." | tee -a "$LOG_FILE"
Detailed Explanation
Ensuring Root Privileges
The script starts by checking if it is being run with root privileges, as creating users and modifying system files require administrative rights.
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
Setting Up Log and Password Files
The script defines paths for the log file and the password storage file. It then creates a secure directory for storing passwords and ensures it has the correct permissions.
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"
mkdir -p /var/secure
chmod 700 /var/secure
Function to Create Groups
The create_groups
function takes a comma-separated list of groups and creates each group if it does not already exist. It also logs the creation of each group.
create_groups() {
local groups="$1"
IFS=',' read -r -a group_array <<< "$groups"
for group in "${group_array[@]}"; do
group=$(echo "$group" | xargs)
if [ ! -z "$group" ]; then
if ! getent group "$group" > /dev/null; then
groupadd "$group"
echo "Group '$group' created." | tee -a "$LOG_FILE"
fi
fi
done
}
Function to Create Users and Groups
The create_user
function handles the creation of the user and their primary group, as well as any additional groups. It sets up the user's home directory, assigns appropriate permissions, and generates a random password for the user.
create_user() {
local username="$1"
local groups="$2"
if ! getent group "$username" > /dev/null; then
groupadd "$username"
echo "Group '$username' created." | tee -a "$LOG_FILE"
fi
create_groups "$groups"
if ! id "$username" > /dev/null 2>&1; then
useradd -m -g "$username" -G "$groups" "$username"
echo "User '$username' created with groups '$groups'." | tee -a "$LOG_FILE"
chmod 700 "/home/$username"
chown "$username:$username" "/home/$username"
password=$(openssl rand -base64 12)
echo "$username:$password" | chpasswd
echo "$username,$password" >> "$PASSWORD_FILE"
else
echo "User '$username' already exists." | tee -a "$LOG_FILE"
fi
}
Processing the Input File
The script reads the input file provided as a command-line argument. Each line of the file is expected to contain a username and a list of groups separated by a semicolon. The script processes each line, removing any leading or trailing whitespace, and calls the create_user
function.
input_file="$1"
if [ -z "$input_file" ]; then
echo "Usage: $0 <name-of-text-file>"
exit 1
fi
if [ ! -f "$input_file" ]; then
echo "File '$input_file' not found!"
exit 1
fi
while IFS=';' read -r user groups; do
user=$(echo "$user" | xargs)
groups=$(echo "$groups" | xargs)
if [ ! -z "$user" ]; then
create_user "$user" "$groups"
fi
done < "$input_file"
Finalizing Permissions
Finally, the script ensures that the password file has the correct permissions, making it readable only by the root user.
chmod 600 "$PASSWORD_FILE"
echo "User creation process completed." | tee -a "$LOG_FILE"
Running the Script
To run the create_users.sh
script, follow these steps:
- Create the Input File: Prepare a text file with usernames and groups. Each line should contain a username followed by a semicolon and a comma-separated list of groups. For example:
john;admins,developers
jane;users,admins
- Make the Script Executable: Ensure the script has executable permissions.
chmod +x create_users.sh
- Run the Script with Root Privileges: Execute the script, passing the path to the input file as an argument.
sudo ./create_users.sh /path/to/input_file.txt
Viewing Logs and Passwords
-
Log File: The script logs all actions to
/var/log/user_management.log
. You can view this log file using a text editor or command likecat
,less
, ortail
.
less /var/log/user_management.log
-
Password File: Generated passwords are stored in
/var/secure/user_passwords.csv
. This file is readable only by the root user. View it with:
sudo less /var/secure/user_passwords.csv
Conclusion
This script provides a robust solution for automating user and group management on a Linux system. It ensures that all actions are logged for auditing purposes and that generated passwords are stored securely. By following the steps outlined in this article, you can customize and extend the script to meet your specific needs, improving efficiency and consistency in user management tasks
click here to view the gitHub repository.
If you're curious about the HNG Internship, check out their website. And if you're looking to hire talented developers, head over to HNG Hire.
Top comments (0)