DEV Community

Teniola

Linux User Creation Bash Script

Introduction

We can use a Bash script to automate the creation of users and groups, set up home directories, generate random passwords, and log all actions.

Script Overview

The script we're going to discuss performs the following functions:

Create Users and Groups: Reads a file containing usernames and group names, creates the users and groups if they do not exist, and assigns users to the specified groups.

Setup Home Directories: Sets up home directories with appropriate permissions and ownership for each user.

Generate Random Passwords: Generates random passwords for the users and stores them securely.

Log Actions: Logs all actions to /var/log/user_management.log for auditing and troubleshooting.

Store Passwords Securely: Stores the generated passwords in plaintext in /var/secure/user_passwords.csv, with access restricted to the file owner (directory mode 700, file mode 600).

The Script

Here is the complete Bash script:

#!/bin/bash

LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

# Ensure /var/secure exists and has the correct permissions
mkdir -p /var/secure
chmod 700 /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

# Function to log messages
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

# Function to generate random passwords
generate_password() {
    local password_length=12
    tr -dc A-Za-z0-9 </dev/urandom | head -c $password_length
}

# Function to add users, groups and set up home directories
setup_user() {
    local username=$1
    local groups=$2

    # Create the user if it does not already exist
    if ! id -u "$username" &>/dev/null; then
        local password
        password=$(generate_password)
        # Stop here if useradd fails, so nothing is logged or stored for a missing account
        if ! useradd -m -s /bin/bash "$username"; then
            log_message "Failed to create user $username."
            return 1
        fi
        echo "$username:$password" | chpasswd
        log_message "User $username created."

        # Store the username and password
        echo "$username,$password" >> "$PASSWORD_FILE"
        log_message "Password for $username stored."
    else
        log_message "User $username already exists."
    fi

    # Create groups and add user to groups
    IFS=',' read -ra group_array <<< "$groups"
    for group in "${group_array[@]}"; do
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            log_message "Group $group created."
        fi
        usermod -aG "$group" "$username"
        log_message "Added $username to $group."
    done
    # Set up the home directory
    local home_dir="/home/$username"
    chown "$username":"$username" "$home_dir"
    chmod 700 "$home_dir"
    log_message "Home directory for $username set up with appropriate permissions."
}

# Main script
if [ $# -eq 0 ]; then
    log_message "Usage: $0 <input_file>"
    exit 1
fi

input_file=$1
log_message "Starting user management script."

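# Read the input file and process each line
# (the "|| [ -n ... ]" test also handles a last line with no trailing newline)
while IFS=';' read -r username groups || [ -n "$username" ]; do
    # Remove stray whitespace and skip blank lines
    username=${username//[[:space:]]/}
    groups=${groups//[[:space:]]/}
    [ -z "$username" ] && continue
    setup_user "$username" "$groups"
done < "$input_file"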

log_message "User management script completed."

Logging and Password File Setup

  • The script ensures that the /var/secure directory exists and has the appropriate permissions.
  • It creates the password file /var/secure/user_passwords.csv and ensures only the owner can read it.

mkdir -p /var/secure
chmod 700 /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

Log Message Function

The log_message function logs messages to /var/log/user_management.log with a timestamp.

log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a "$LOG_FILE"
}

Password Function

The generate_password function generates a random password of a specified length (12 characters in this case).

generate_password() {
    local password_length=12
    tr -dc A-Za-z0-9 </dev/urandom | head -c $password_length
}

User Setup Function

The setup_user function creates users, adds them to groups, sets up home directories with appropriate permissions, and logs each action. It also generates and stores passwords securely.

setup_user() {
    local username=$1
    local groups=$2

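    # Create the user if it does not already exist
    if ! id -u "$username" &>/dev/null; then
        local password
        password=$(generate_password)
        # Stop here if useradd fails, so nothing is logged or stored for a missing account
        if ! useradd -m -s /bin/bash "$username"; then
            log_message "Failed to create user $username."
            return 1
        fi
        echo "$username:$password" | chpasswd
        log_message "User $username created."

        # Store the username and password
        echo "$username,$password" >> "$PASSWORD_FILE"
        log_message "Password for $username stored."
    else
        log_message "User $username already exists."
    fi

    # Group membership and home directory setup follow, as in the complete script above
}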

Main Script

The main part of the script takes an input file as an argument, reads it line by line, and processes each line to create users and groups, set up home directories, and log actions.

if [ $# -eq 0 ]; then
    log_message "Usage: $0 <input_file>"
    exit 1
fi

This makes sure you run the script with an input file, e.g. input.txt.

    input_file=$1
    log_message "Starting user management script."
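
The script hands every field of the input file to useradd, groupadd and usermod as root, so the file is worth validating before it reaches the read loop. The following is an added example, not part of the original post: it parses the username;group1,group2 format, trims whitespace, and rejects names that fail a conservative pattern (the function names, the pattern and the 32-character limit are assumptions).

```bash
# Added example, not from the original post; function names are hypothetical.
LC_ALL=C; export LC_ALL    # make [a-z] match ASCII letters only

# Strip leading/trailing whitespace (also the CR left by CRLF files).
trim() {
    s=$1
    s=${s#"${s%%[![:space:]]*}"}
    s=${s%"${s##*[![:space:]]}"}
    printf '%s' "$s"
}

# Conservative name check: first char a-z or _, then a-z 0-9 _ -, max 32.
# A leading "-" is rejected, so a name is never parsed as a command option.
valid_name() {
    case $1 in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

# Parse one "username;group1,group2" line in a subshell, so the IFS/globbing
# changes stay local and "exit" only ends the subshell.
# Status: 0 = valid (normalized line on stdout), 1 = skip, 2 = reject.
parse_line() (
    line=$(trim "$1")
    case $line in ''|'#'*) exit 1 ;; esac       # blank line or comment
    case $line in *';'*) ;; *) exit 2 ;; esac   # ';' separator is required
    user=$(trim "${line%%;*}"); rest=${line#*;}
    valid_name "$user" || exit 2
    out=
    IFS=,; set -f                               # split on commas, no globbing
    for g in $rest; do
        g=$(trim "$g")
        [ -n "$g" ] || continue
        valid_name "$g" || exit 2
        out=${out:+$out,}$g
    done
    printf '%s;%s\n' "$user" "$out"
)

# Read stdin: print valid lines normalized, report rejects on stderr, return 1 on any reject.
validate_input() {
    bad=0; n=0
    while IFS= read -r raw || [ -n "$raw" ]; do
        n=$((n + 1)); rc=0
        parse_line "$raw" || rc=$?
        if [ "$rc" -eq 2 ]; then echo "line $n rejected" >&2; bad=1; fi
    done
    return "$bad"
}
# Constructed sample: one valid line, one with an option-like username.
printf 'user1;group1,group2\n-x;group3\n' | validate_input || true
```

Running validate_input over the input file first and refusing to continue on a non-zero status keeps option-like or malformed names away from the account tools.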

Usage

To use this script, save it to a file (e.g., user_management.sh), make it executable, and run it as root with the path to your input file as an argument. Each line of the input file holds a username, a semicolon, and a comma-separated list of groups.

Example input.txt:

    user1;group1,group2
    user2;group3,group4

On the command line (terminal):

    chmod +x user_management.sh
    ./user_management.sh input.txt

Talents

HNG Internship
HNG Tech
