Have you ever faced a simple task that takes five or more steps to complete? Did you have to repeat that same task more than 200 times? This post walks through one such scenario.
CASE STUDY
Imagine you are the System Administrator for a company and your organization has just employed 100 developers. You have been tasked with onboarding these new employees. Each employee should have the following:
- A personal home directory.
- Membership in a developers group.
- An .ssh folder containing an authorized_keys file.
- Their public key copied into the authorized_keys file.
- A forced password change.
I have written a bash script to do just this. The script works for multiple users. It reads a csv file (which could have thousands of users) and creates new users/employees based on the parameters stated in the script.
#!/bin/bash
userfile=$(cat names.csv)
PASSWORD=password
The snippet above introduces the script. The #!/bin/bash line tells the computer how to interpret the script and where the bash interpreter is located. userfile is a variable (you can use another name, but keep it consistent throughout your script) that reads a csv file named names.csv (it contains the names of the employees). PASSWORD is a variable that holds password as its value. This is the default password for all the new employees.
The next snippet ensures the user running this script has root privilege. It checks whether the current user ID is equal to 0 (the root user's default ID is 0).
if [ $(id -u) -eq 0 ]; then
Next, using a for loop, it checks whether the username already exists on the system. user is the loop variable that takes each name from the csv file in turn. If the user exists, the script tells us so.
for user in $userfile;
do
echo "$user"
if id "$user" &>/dev/null
then
echo "User Exists"
else
Otherwise, the script creates the user with a home directory and adds the user to the developers group, which we should have created before running the script.
useradd -m -d "/home/$user" -s /bin/bash -g developers "$user"
echo "New User Created"
echo
The next snippet creates an .ssh folder in the user's home directory.
su - -c "mkdir ~/.ssh" "$user"
echo ".ssh directory created for new user"
echo
Set the permissions on the .ssh directory. A mode of 700 protects the directory against any access from other users, while the owning user still has full access.
su - -c "chmod 700 ~/.ssh" "$user"
echo "user permission for .ssh directory set"
echo
This creates the authorized_keys file, which is where the public key is stored.
su - -c "touch ~/.ssh/authorized_keys" "$user"
echo "Authorized Key File Created"
echo
We also need to set permissions on the key file. Permissions of 600 mean that the owner has full read and write access to the file, while no other user can access the file.
su - -c "chmod 600 ~/.ssh/authorized_keys" "$user"
echo "user permission for the Authorized Key File set"
echo
We need to create a public key and install it for the users on the server. In this example, I have used a single public/private key pair, but your use case might be different. Note that Shell is just a directory created to hold all the files needed to run the script (names.csv, the public key and the script file).
This line copies the public key we created into the new user's .ssh directory as authorized_keys.
cp -R "/home/ubuntu/Shell/id_rsa.pub" "/home/$user/.ssh/authorized_keys"
echo "Copied the Public Key to New User Account on the server"
echo
echo
echo "USER CREATED"
These lines set the user's password to password (remember the PASSWORD variable declared at the beginning). passwd -e $user forces the user to change his/her password at the next login.
sudo echo -e "$PASSWORD\n$PASSWORD" | sudo passwd "$user"
sudo passwd -e "$user"
fi
done
else
echo "Only Admin Can Onboard A User"
fi
The full script iterates through each name in the csv file until it is completed.
Check my GitHub for the complete demo and script.
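The script passes every word in names.csv straight to useradd and su, and copies whatever key file it is given. As an added example (not part of the original script or its repository), the helpers below validate each username before use and install a checked public key with the same 700/600 permissions; install_key goes beyond the walkthrough's single shared id_rsa.pub by taking any key file path, and the optional owner argument is an assumption of this example.

```bash
#!/bin/bash
# Added example, not part of the original script.
export LC_ALL=C    # make [a-z] match ASCII letters only

# Accept only conventional Linux login names: 1-32 chars, [a-z_][a-z0-9_-]*.
valid_username() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case $1 in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

# Print valid usernames from column 1 of a CSV; report rejects by line number
# on stderr (the rejected text itself is not echoed back to the terminal).
read_usernames() (
    cr=$(printf '\r'); n=0
    while IFS=, read -r name rest || [ -n "$name" ]; do
        n=$((n + 1))
        name=${name%"$cr"}                  # tolerate Windows line endings
        [ -z "$name" ] && continue
        if valid_username "$name"; then
            printf '%s\n' "$name"
        else
            printf 'line %d: rejected username\n' "$n" >&2
        fi
    done < "$1"
)

# A submitted key must be exactly one line of an allow-listed type, with no
# leading authorized_keys options such as command="...".
valid_pubkey() {
    [ -f "$1" ] && [ "$(grep -c . "$1")" -eq 1 ] &&
        grep -Eq '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$1"
}

# install_key HOME PUBKEY [OWNER]: create HOME/.ssh (700) and authorized_keys
# (600) in one step each; OWNER is passed when running as root.
install_key() {
    valid_pubkey "$2" || return 1
    install -d -m 700 "$1/.ssh" || return 1
    install -m 600 "$2" "$1/.ssh/authorized_keys" || return 1
    if [ -n "${3:-}" ]; then chown -R "$3" "$1/.ssh"; fi
}
```

In the onboarding loop, `for user in $(read_usernames names.csv)` would stand in for `for user in $userfile`, and `install_key "/home/$user" "keys/$user.pub" "$user"` (with a hypothetical keys/ directory) would stand in for the mkdir, chmod, touch and cp steps.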
CONCLUSION
Automating repetitive tasks most often helps productivity, increases efficiency and reduces errors.
I hope this helps someone.
Please feel free to share your tips, questions, corrections in the comments!