Managing user accounts in a Linux environment can be repetitive and error-prone, especially in large organizations. To simplify this process, you can use a bash script, written here as part of a task given to me, that automates user creation and group assignment and sets appropriate permissions. This article provides a comprehensive script for this purpose and explains its functionality.
```bash
#!/bin/bash

# Create the log file and the directory that holds the password file
# (running mkdir on the file paths themselves would create directories, not files)
sudo mkdir -p /var/secure
sudo chmod 700 /var/secure
sudo touch /var/log/user_management.log

# Define the log file and password storage file
ACTION_LOG="/var/log/user_management.log"
PASSWORD_LOG="/var/secure/user_passwords.txt"

# Check if a file is provided as an argument
if [ $# -ne 1 ]; then
    echo "Usage: $0 <filename>" | sudo tee -a "$ACTION_LOG"
    exit 1
fi

FILENAME=$1

# Check if the file exists
if [ ! -f "$FILENAME" ]; then
    echo "File $FILENAME does not exist." | sudo tee -a "$ACTION_LOG"
    exit 1
fi

# Ensure the password file exists and is readable only by root
sudo touch "$PASSWORD_LOG"
sudo chmod 600 "$PASSWORD_LOG"

# Function to generate a random password
generate_password() {
    openssl rand -base64 12
}

# Read the file line by line
while IFS=';' read -r username groups; do
    # Skip blank lines so useradd is never called with an empty name
    [ -z "$username" ] && continue

    # Check if the user already exists
    if id -u "$username" >/dev/null 2>&1; then
        echo "User $username already exists." | sudo tee -a "$ACTION_LOG"
    else
        # Create the user with a home directory and generate a random password
        password=$(generate_password)
        # Hash with SHA-512 crypt (-6) rather than MD5 crypt (-1); -stdin keeps
        # the plaintext password off the openssl command line
        encrypted_password=$(openssl passwd -6 -stdin <<< "$password")
        if sudo useradd -m -p "$encrypted_password" "$username"; then
            echo "User $username created with home directory." | sudo tee -a "$ACTION_LOG"
            # The plaintext password is stored here; the file is root-only (600)
            echo "$username:$password" | sudo tee -a "$PASSWORD_LOG" > /dev/null
        else
            echo "Failed to create user $username." | sudo tee -a "$ACTION_LOG"
            continue
        fi
    fi

    # Assign the user to the groups
    IFS=',' read -ra group_array <<< "$groups"
    for group in "${group_array[@]}"; do
        # Check if the group exists, create it if it does not
        if ! getent group "$group" >/dev/null 2>&1; then
            if sudo groupadd "$group"; then
                echo "Group $group created." | sudo tee -a "$ACTION_LOG"
            else
                echo "Failed to create group $group." | sudo tee -a "$ACTION_LOG"
                continue
            fi
        fi

        # Add the user to the group
        if sudo usermod -aG "$group" "$username"; then
            echo "User $username added to group $group." | sudo tee -a "$ACTION_LOG"
        else
            echo "Failed to add user $username to group $group." | sudo tee -a "$ACTION_LOG"
        fi
    done

    # Set appropriate permissions for the home directory
    if sudo chmod 700 "/home/$username" && sudo chown "$username:$username" "/home/$username"; then
        echo "Set permissions for home directory of $username." | sudo tee -a "$ACTION_LOG"
    else
        echo "Failed to set permissions for home directory of $username." | sudo tee -a "$ACTION_LOG"
    fi
done < "$FILENAME"

echo "User and group creation process completed." | sudo tee -a "$ACTION_LOG"
```
The above script reads a text file containing employee usernames and group names formatted as user;groups. It then creates the users, assigns them to the specified groups, sets up home directories, generates random passwords, and logs all actions to user_management.log.
First, we created user_management.log in the /var/log directory and user_passwords.txt in the /var/secure directory, to be sure that the logs and the user passwords are saved as required.
Next, we defined variables for the log file and the password file and assigned them the locations of those files. We then created the user, added the user to the groups, and set the right permissions on the user's home directory.
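The script hands each `user;groups` field to useradd and groupadd with root privileges, so it helps to check the input file before running it. The following is an added example, not part of the original article; the function names and the name rule (1 to 32 characters, starting with a lowercase letter or underscore) are assumptions.

```shell
#!/bin/bash
# Added example (not the article's code): pre-flight check for the "user;groups" file.
# Assumed name rule: 1-32 chars, first char [a-z_], remaining chars [a-z0-9_-].
LC_ALL=C   # keep the a-z ranges ASCII-only

valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Prints a reason and returns 1 when a line should not reach useradd/groupadd.
check_line() {
    line=$1
    case "$line" in
        *';'*) ;;
        *) echo "missing ';' separator"; return 1 ;;
    esac
    user=${line%%;*}
    groups=${line#*;}
    valid_name "$user" || { echo "bad username '$user'"; return 1; }
    old_ifs=$IFS; IFS=,
    set -f; set -- $groups; set +f   # split on commas without globbing
    IFS=$old_ifs
    for g in "$@"; do
        valid_name "$g" || { echo "bad group '$g'"; return 1; }
    done
}

# Reports every rejected line of FILE; returns 0 only if all lines pass.
check_file() {
    bad=0; n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        [ -z "$l" ] && continue
        if ! reason=$(check_line "$l"); then
            echo "line $n rejected: $reason"
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample input: one good line, three the provisioning loop would mishandle.
sample=$(mktemp)
printf '%s\n' 'alice;sudo,dev' 'bob; www-data' '-ops;dev' 'Carol' > "$sample"
check_file "$sample" || echo "fix the input before running the provisioning script"
rm -f "$sample"
```

The space after the semicolon in the second sample line is rejected because the script's `read` does not trim it, so the group name would reach groupadd with a leading space.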
To learn more about Bash scripting, and about how to become part of the HNG internship, you can check out this link.