Automating User Creation and Management with a Bash Script

Introduction

Managing users on a Linux system can be a daunting task, especially in environments where you need to create multiple users, assign them to specific groups, and ensure they have secure passwords. This blog will walk you through a Bash script that automates the process of user creation, group assignment, password generation, and logging. This script is particularly useful for system administrators looking to streamline user management.

The Script

The script, named create_users.sh, reads a text file containing usernames and group names, creates the users, assigns them to the specified groups, sets up their home directories with the appropriate permissions, generates random passwords, and logs all actions.

Step-by-Step Breakdown

Here’s a detailed explanation of what the script does:

1. **Script Initialization:** The script starts by checking if an input file is provided as an argument. It sets the INPUT_FILE variable to the provided argument and defines the log file and password file paths.

#!/bin/bash

# Check if the input file is provided
if [ $# -ne 1 ]; then
    echo "Usage: $0 <input_file>"
    exit 1
fi

INPUT_FILE="$1"
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"

2. **File Existence and Directory Setup:** The script checks if the input file exists. It then ensures the secure directory (/var/secure) exists, creates the log and password files, and sets appropriate permissions and ownership to ensure security.

# Check if the file exists
if [ ! -f "$INPUT_FILE" ]; then
    echo "File not found: $INPUT_FILE"
    exit 1
fi

# Ensure the secure directory exists and set permissions
sudo mkdir -p /var/secure
sudo chmod 700 /var/secure

# Initialize log and password files
sudo touch "$LOG_FILE" "$PASSWORD_FILE"
sudo chmod 600 "$PASSWORD_FILE"
sudo chown root:root "$PASSWORD_FILE"

3. **Password Generation Function:** This function generates a random 12-character password using openssl.

# Function to generate a random password
generate_password() {
    # 12 random bytes from OpenSSL, base64-encoded
    openssl rand -base64 12
}

4. **User Creation and Group Assignment:** This is the core of the script:

- It reads each line of the input file, expecting a format of user;groups.
- It checks if the user or group already exists. If not, it generates a password, creates the user, creates the group, sets the password, and logs these actions.
- It sets the home directory permissions to 700 to ensure only the user has access.
- It assigns the user to the specified groups, logging each action.

# Read the input file line by line (the || clause keeps a last line without a trailing newline)
while IFS=';' read -r user groups || [ -n "$user" ]; do
    # Skip blank lines
    [ -z "$user" ] && continue

    # Check if the user already exists
    if id "$user" &>/dev/null; then
        echo "User $user already exists." | sudo tee -a "$LOG_FILE"
    else
        # Generate a random password
        password=$(generate_password)

        # Create the user with a home directory; skip this line if useradd fails
        if ! sudo useradd -m -s /bin/bash "$user"; then
            echo "Failed to create user $user." | sudo tee -a "$LOG_FILE"
            continue
        fi

        # Set the password
        echo "$user:$password" | sudo chpasswd

        # Log the creation; store the password without echoing it to the terminal
        echo "User $user created with home directory." | sudo tee -a "$LOG_FILE"
        echo "$user:$password" | sudo tee -a "$PASSWORD_FILE" > /dev/null

        # Set the permissions and ownership of the home directory
        sudo chmod 700 "/home/$user"
        sudo chown "$user:$user" "/home/$user"

        # Assign groups to the user
        IFS=',' read -r -a group_array <<< "$groups"
        for group in "${group_array[@]}"; do
            # Check if the group exists
            if ! getent group "$group" &>/dev/null; then
                # Create the group if it does not exist
                sudo groupadd "$group"
                echo "Group $group created." | sudo tee -a "$LOG_FILE"
            fi
            sudo usermod -aG "$group" "$user"
            echo "User $user added to group $group." | sudo tee -a "$LOG_FILE"
        done
    fi
done < "$INPUT_FILE"

echo "User creation, group assignment, and logging completed." | sudo tee -a "$LOG_FILE"

5. **Running the Script:** To run the script, save it as create_users.sh, make it executable, and execute it with the input file as an argument:

chmod +x create_users.sh
sudo ./create_users.sh <input_file>
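
The read loop in step 4 hands each field of the input file straight to useradd, groupadd and the /home/$user path while running as root, so every line should be validated first. The following is an added example, not part of the original create_users.sh; the function names (valid_name, trim, parse_user_line) and the name policy are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of create_users.sh): validate one "user;groups" line
# before any value is passed to useradd, groupadd or a /home/<user> path.
# Assumed policy: names are 1-32 chars, start with a-z or _, then a-z 0-9 _ -
export LC_ALL=C   # make [a-z] mean ASCII lowercase only

valid_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;   # empty, bad first char, bad char
    esac
    [ "${#1}" -le 32 ]
}

trim() {   # strip leading and trailing whitespace
    printf '%s' "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# parse_user_line LINE -> prints normalized "user;g1,g2"; non-zero status if invalid
parse_user_line() {
    local line="$1" user rest g out=
    case "$line" in *\;*) ;; *) return 1 ;; esac       # separator is required
    user=$(trim "${line%%;*}")
    rest=${line#*;}
    case "$rest" in *\;*) return 1 ;; esac             # only one ';' allowed
    valid_name "$user" || return 1
    while [ -n "$rest" ]; do
        g=$(trim "${rest%%,*}")
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
        [ -n "$g" ] || continue                        # tolerate empty entries
        valid_name "$g" || return 1
        out=${out:+$out,}$g
    done
    printf '%s;%s\n' "$user" "$out"
}

# Constructed sample input: two well-formed lines and three that must be rejected
while IFS= read -r line; do
    if clean=$(parse_user_line "$line"); then
        echo "OK      $clean"
    else
        echo "REJECT  $line"
    fi
done <<'EOF'
alice; sudo, dev
 bob ;www-data
-x;sudo
bad/name;dev
carol;dev;ops
EOF
```

In the script, the normalized output can be split again with IFS=';' and only then passed to the user and group commands; rejected lines should be logged and skipped.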

Conclusion

This script will not only create users and assign them to groups but also create any missing groups. This ensures that all specified groups are present and that users are correctly added to them. This is my stage one project of the HNG internship program. To learn more about the HNG internship programs, please check the links below:
https://hng.tech/internship, https://hng.tech/premium