DEV Community

Goodnews Azonubi

User Management Automation Using Bash Script

INTRODUCTION

As a SysOps (Systems Operations) engineer, managing user accounts and permissions is a critical task. Ensuring that users are properly created, assigned to the correct groups, and have secure passwords is essential for maintaining the security and efficiency of the system. A script file (create_users.sh) will be created to automate the process of user and group creation, making it easier to manage large numbers of users and maintain a secure environment. This is a stage 1 DevOps task given at the HNG 11 INTERNSHIP PROGRAM.

Prerequisites

  • Basic knowledge of the Linux CLI (command line interface).

Script Code:

#!/bin/bash


# Check if the script is run as root user
if [[ $EUID -ne 0 ]]; then
  echo "This script must be run as root"
  exit 1
fi


# Check if the input file is provided in argument (contains the usernames and groups)
if [ -z "$1" ]; then
  echo "Usage: sudo $0 <filename>"
  exit 1
fi

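INPUT_FILE="$1"
LOG_FILE="/var/log/user_management.log"

# Stop before touching the password file if the input file cannot be read
if [ ! -r "$INPUT_FILE" ]; then
  echo "Cannot read input file: $INPUT_FILE"
  exit 1
fi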

# Create a secure directory to save secret files
mkdir -p /var/secure
chmod 700 /var/secure

# Create secure passwords file (umask 077 in a subshell so it is never created world-readable)
PASSWORD_FILE="/var/secure/user_passwords.txt"
(umask 077; echo "USERNAME  |   PASSWORD" > "$PASSWORD_FILE")
echo "---------------------------------------------" >> "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"



# Read input file line by line (the || test keeps a last line that has no trailing newline)
while IFS=';' read -r username groups || [ -n "$username" ]; do

   # Remove leading/trailing whitespaces
     username=$(echo "$username" | xargs)
     groups=$(echo "$groups" | xargs)

   # Skip empty lines
     if [ -z "$username" ]; then
       continue
     fi


  # Create the user with a personal group
    if id "$username" &>/dev/null; then
      echo "----------------------------------------------------------------" | tee -a "$LOG_FILE"
      echo "User $username already exists" | tee -a "$LOG_FILE"
    else
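      # Skip this entry if the account could not be created (e.g. invalid username)
      if ! useradd -m -U "$username"; then
        echo "Failed to create user $username" | tee -a "$LOG_FILE"
        continue
      fi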
      echo "----------------------------------------------------------------" | tee -a "$LOG_FILE"
      echo "User $username created with a personal group" | tee -a "$LOG_FILE"
    fi


  # Create additional groups and assign the user to them
  if [ -n "$groups" ]; then
    IFS=',' read -ra groupName <<< "$groups"
    for group in "${groupName[@]}"; do
      group=$(echo "$group" | xargs)  # Remove leading/trailing whitespaces
      if ! getent group "$group" &>/dev/null; then
        groupadd "$group"
        echo "group: $group created successfully" | tee -a "$LOG_FILE"
      fi
      usermod -aG "$group" "$username"
      echo "user: $username added to group: $group" | tee -a "$LOG_FILE"
    done
  fi


    # Generate, set and store password in the root-only file
    # (note: this also resets the password of a user that already existed)
    password=$(openssl rand -base64 12)
    echo "$username:$password" | chpasswd
    echo "$username |   $password" >> "$PASSWORD_FILE"



    # Set permissions and ownership for the home directory
    chown -R "$username":"$username" "/home/$username"
    chmod 700 "/home/$username"

    echo "-----------------------------------------------------------------------------------"
    echo "  "

    # Log recent actions
    echo "$(date '+%Y-%m-%d %H:%M:%S') - Created user with username: $username and groups: $groups" >> "$LOG_FILE"
    echo "-------------------------------------------------------------------" >> "$LOG_FILE"
done < "$INPUT_FILE"


Key Features

1. Automated User and Group Creation:

  • The script reads from a file containing user and group information and automates the creation of users and their respective groups.
  • Personal groups are created for each user, ensuring clear ownership and security.
  • Group Assignment: Users can be assigned to multiple groups, facilitating organized and efficient permission management.

2. Secure Password Generation:

  • Random passwords are generated for each user, enhancing security.
  • Passwords are stored securely in a file with restricted access (/var/secure/user_passwords.txt, mode 600, inside a mode 700 directory), ensuring that only authorized personnel can view them.

3. Logging and Documentation:

  • Actions performed by the script are logged to a file, providing an audit trail for accountability and troubleshooting.

Usage:

1. Input File: The script takes an input file containing the list of users and the groups they are to be added to. It is formatted as user;groups, one user per line:

light; engineering,marketing,drama
idimma; drama,product
mayowa; hng-premium,design

2. Script file: You need to first make sure your script is executable by using this command chmod +x create_users.sh.

  • Execute the script with root privileges to ensure it can create users and groups and manage passwords.
sudo bash create_users.sh <filename>

3. Output:


  • Passwords are securely stored in /var/secure/user_passwords.txt.
  • All actions are logged to /var/log/user_management.log.
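A pre-flight check for the input file described under Usage, as an added example that is not part of the original post or its repository: it reads each user;groups line without changing the system and reports malformed names, duplicate users (which would leave a stale entry in the password file), and requests for privileged groups. The function names, the name rule and the PRIVILEGED_GROUPS list are assumptions made for this example.

```bash
# Added example: dry-run check of a user;groups file. It changes nothing on the system.
LC_ALL=C; export LC_ALL   # make the a-z ranges below ASCII-only
# Assumed list of groups that grant elevated access; adjust for your distribution.
PRIVILEGED_GROUPS="root sudo wheel adm docker lxd shadow disk"

trim() {  # strip leading/trailing whitespace using parameter expansion only
  local t="$1"
  t=${t#"${t%%[![:space:]]*}"}
  t=${t%"${t##*[![:space:]]}"}
  printf '%s' "$t"
}

valid_name() {  # conservative rule: [a-z_] first, then [a-z0-9_-], at most 32 chars
  case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
  [ "${#1}" -le 32 ]
}
is_privileged() { case " $PRIVILEGED_GROUPS " in *" $1 "*) return 0 ;; esac; return 1; }

# Prints one finding per problem; returns 0 when the file is clean, 1 otherwise.
validate_user_file() {
  local file="$1" lineno=0 status=0 seen=" " username groups group
  while IFS=';' read -r username groups || [ -n "$username" ]; do
    lineno=$((lineno + 1))
    username=$(trim "$username")
    [ -z "$username" ] && continue
    if ! valid_name "$username"; then
      printf "line %d: invalid username '%s'\n" "$lineno" "$username"; status=1; continue
    fi
    case "$seen" in *" $username "*)
      printf "line %d: duplicate user '%s'\n" "$lineno" "$username"; status=1 ;; esac
    seen="$seen$username "
    set -f; IFS=','; set -- $groups; unset IFS; set +f   # split on commas, no globbing
    for group in "$@"; do
      group=$(trim "$group")
      [ -z "$group" ] && continue
      if ! valid_name "$group"; then
        printf "line %d: invalid group '%s'\n" "$lineno" "$group"; status=1
      elif is_privileged "$group"; then
        printf "line %d: '%s' requests privileged group '%s'\n" "$lineno" "$username" "$group"; status=1
      fi
    done
  done < "$file"
  return $status
}

# Constructed sample input (not from the original post); lines 2-4 get flagged.
sample=$(mktemp)
printf '%s\n' 'light; engineering' 'mallory; design,sudo' 'bad:name; drama' 'light; product' > "$sample"
validate_user_file "$sample" || echo "input rejected: fix it before running create_users.sh"
rm -f "$sample"
```

Run it against the real input file first and only call create_users.sh when it returns 0; a privileged-group finding is a prompt for manual review, not necessarily an error.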


You can check out the available roles at HNG here and register for the next HNG Internship Cohort.

Link to my script and file: https://github.com/ideateGudy/User-Management-Script-Using-Bash
