INTRODUCTION
Automation is an important aspect of DevOps enginneering. It reduces friction, saves time, and boosts efficiency and productivity.
In this article, we will explore a Bash script designed to automate the creation of users and groups based on input from a text file. Each user will have a personal group with the same name, and additional groups can be specified in the input file. The script also logs out the actions and securely stores generated passwords.
TASK:
Your company has employed many new developers. As a SysOps engineer, write a bash script called create_users.sh that reads a text file containing the employee’s usernames and group names, where each line is formatted as user;groups.The script should:
Create users and groups as specified,
Set up home directories with appropriate permissions and ownership,
Generate random passwords for the users,
Log all actions to /var/log/user_management.log,
Store the generated passwords securely in /var/secure/user_passwords.txt.
Ensure error handling for scenarios like existing users.
Each User must have a personal group with the same group name as the username, this group name will not be written in the text file.
SCRIPT BREAKDOWN
Check for Input File and Define Variables: The script starts off by declaring the shebang (‘#!/bin/bash’) to specify the interpreter. If statement is use to check if a valid input file was provided in the command line, then initialises a variable to store the input file, logs and password.
# Check if the input file is provided
if [ $# -eq 0 ]; then
echo “Usage: $0 <input_file>”
exit 1
fi
#Initialize variables for input file from the command line
input_file=$1
#Initialize variables for log files and password files
log_file=”/var/log/user_management.log”
password_file=”/var/secure/user_passwords.txt”
Create the Neccesary Directories: This block ensures that the neccesary directories are created and it sets the appropriate permissions to secure the password file.
sudo mkdir -p /var/log /var/secure
sudo touch “$log_file” “$password_file”
sudo chmod 600 “$password_file”
The Log Function: This function in the script appends messages with timestamps to the log file. This helps in tracking the actions performed by the script.
log() {
local message=”$1″
echo “$(date ‘+%Y-%m-%d %H:%M:%S’) – $message” | sudo tee -a “$log_file”
}
Function to Generate random Passwords: This function uses /dev/urandom, a secure random number generator, to generate a random 12-character password for the users once they are created.
tr -dc A-Za-z0-9 </dev/urandom | head -c 12
}
Main Script: The main script is a while loop that is made of of two main blocks- The user processing and the group processing. I explain better below.
i. User Processing: This block carries out a number of actions as follows-
Read Input File: The script uses IFS=’;’ to read each line from the input file, splitting it into username and groups using the read -r command.
Create Personal group for users: Here a personal group for users is being created. This group wasn’t included in the txt file.
Create Users: If the user does not already exist (id “$username”), the script creates the user along with a personal group (-g “$username”) and sets up the home directory with appropriate permissions.
Password Management: The script calls the generate_password() function which generates a random password, assigns it to the user, and stores it securely.
while IFS=’;’ read -r username groups; do
if id “$username” &>/dev/null; then
log “User $username already exists.”
else
# Create a personal group for the user
if getent group “$username” &>/dev/null; then
log “Group $username already exists.”
else
sudo groupadd “$username”
log “Personal group $username created.”
fi
# Create the user with a home directory
sudo useradd -m -g “$username” “$username”
if [ $? -eq 0 ]; then
log “User $username created.”
else
log “Failed to create user $username.”
continue
fi
# Set up home directory with appropriate permissions
sudo chmod 700 “/home/$username”
sudo chown “$username:$username” “/home/$username”
log “Home directory for $username set up with correct permissions.”
# Generate a random password and set it for the user
password=$(generate_password)
echo “$username:$password” | sudo chpasswd
if [ $? -eq 0 ]; then
log “Password for $username set.”
else
log “Failed to set password for $username.”
continue
fi
# Store the password securely
echo “$username:$password” | sudo tee -a “$password_file” > /dev/null
fi
Group Processing: This block processes additional groups from the input file, creating them if necessary, and adds the user to these groups.
Read input file with IFS: IFS=’,’: The IFS is set to a comma, which means the read command will split the input string based on commas and store the groups in an array. This will enable the user to be added to multiple groups according to the input file.
Read Groups in Array: After the groups have been stored in an array, a for loop is used to iterate over each group in the array.
Check if groups exist and Creats groups: An if statement in the script checks if the group already exists, then creats one. It logs out the output of both cases.
Add User: Finally the users are added to their appropriate groups.
IFS=’,’ read -ra group_array <<< “$groups”
for group in “${group_array[@]}”; do
if getent group “$group” &>/dev/null; then
log “Group $group already exists.”
else
sudo groupadd “$group”
log “Group $group created.”
fi
# Add the user to the group
sudo usermod -aG “$group” “$username”
log “User $username added to group $group.”
done
done < “$input_file”
Execute Script
Make the script executable by running chmod +x create_users.sh in your terminal
Run the script with the input file like this ./create_users.sh input.txt
This was a stage 1 DevOps Task at HNG Internship. You can check for available roles at HNG Hire.
You can find entire code here: https://github.com/Bezaleelstone/User-group-automation-on-linux-with-bashscript.git
