Forem: NG2Edith The latest articles on Forem by NG2Edith (@ng2edith). https://forem.com/ng2edith https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1731848%2F0cb49733-74a6-4d6d-8b97-e21988c643e5.png Forem: NG2Edith https://forem.com/ng2edith en Automate User and Group Management with a Bash Script NG2Edith Sat, 06 Jul 2024 01:02:40 +0000 https://forem.com/ng2edith/automate-user-and-group-management-with-a-bash-script-2abn https://forem.com/ng2edith/automate-user-and-group-management-with-a-bash-script-2abn <p>Managing users and groups on a Linux system can be a daunting task, especially when you have to handle a large number of users. Automation is the key to simplifying these repetitive tasks, ensuring consistency, and reducing the likelihood of errors. In this article, we'll explore a bash script that automates the creation of users and groups, sets up home directories, generates random passwords, and logs all actions. </p> <p>We'll walk through each step of the script, explaining the rationale behind the code, and provide links to the HNG Internship program, a great opportunity for budding developers to enhance their skills.</p> <p><strong>Why Automate User Management?</strong><br> Before diving into the script, let's understand why automating user management is beneficial:</p> <ol> <li> <strong>Consistency</strong>: Automation ensures that users are created with the same settings, reducing the risk of configuration errors.</li> <li> <strong>Efficiency</strong>: Batch processing user accounts saves time compared to manual entry.</li> <li> <strong>Security</strong>: Automatically setting secure passwords and proper permissions enhances security.</li> <li> <strong>Logging</strong>: Keeping a log of all actions aids in auditing and troubleshooting.</li> </ol> <p><strong>The Script</strong><br> Below is the bash script that performs all the tasks mentioned. It reads a text file containing usernames and group names, creates users and groups, sets up home directories, generates random passwords, and logs actions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Script to create users and groups from a given text file</span> <span class="c"># Usage: bash create_users.sh &lt;name-of-text-file&gt;</span> <span class="c"># Example: bash create_users.sh users.txt</span> <span class="c"># Log file</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.txt"</span> <span class="c"># Check if the input file is provided</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$# </span><span class="nt">-ne</span> 1 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;name-of-text-file&gt;"</span> <span class="nb">exit </span>1 <span class="k">fi </span><span class="nv">INPUT_FILE</span><span class="o">=</span><span class="nv">$1</span> <span class="c"># Ensure the log and password files exist</span> <span class="nb">touch</span> <span class="nv">$LOG_FILE</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">touch</span> <span class="nv">$PASSWORD_FILE</span> <span class="nb">chmod </span>600 <span class="nv">$PASSWORD_FILE</span> log_action<span class="o">()</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span> <span class="s1">'+%Y-%m-%d %H:%M:%S'</span><span class="si">)</span><span class="s2"> - </span><span class="nv">$1</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> <span class="o">}</span> create_user<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">username</span><span class="o">=</span><span class="nv">$1</span> <span class="nb">local groups</span><span class="o">=</span><span class="nv">$2</span> <span class="c"># Create the user's personal group</span> <span class="k">if</span> <span class="o">!</span> getent group <span class="nv">$username</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span>groupadd <span class="nv">$username</span> log_action <span class="s2">"Created group </span><span class="nv">$username</span><span class="s2">"</span> <span class="k">else </span>log_action <span class="s2">"Group </span><span class="nv">$username</span><span class="s2"> already exists"</span> <span class="k">fi</span> <span class="c"># Create user</span> <span class="k">if</span> <span class="o">!</span> <span class="nb">id</span> <span class="nt">-u</span> <span class="nv">$username</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span>useradd <span class="nt">-m</span> <span class="nt">-g</span> <span class="nv">$username</span> <span class="nt">-s</span> /bin/bash <span class="nv">$username</span> log_action <span class="s2">"Created user </span><span class="nv">$username</span><span class="s2">"</span> <span class="k">else </span>log_action <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> already exists"</span> <span class="k">return fi</span> <span class="c"># Assign additional groups to the user</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_array <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_array</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nv">group</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$group</span> | xargs<span class="si">)</span> <span class="c"># Remove leading/trailing whitespaces</span> <span class="k">if</span> <span class="o">!</span> getent group <span class="nv">$group</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span>groupadd <span class="nv">$group</span> log_action <span class="s2">"Created group </span><span class="nv">$group</span><span class="s2">"</span> <span class="k">fi </span>usermod <span class="nt">-aG</span> <span class="nv">$group</span> <span class="nv">$username</span> log_action <span class="s2">"Added user </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">"</span> <span class="k">done</span> <span class="c"># Generate a random password for the user</span> <span class="nb">local </span><span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | chpasswd log_action <span class="s2">"Set password for user </span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Store the password securely</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$PASSWORD_FILE</span> <span class="o">}</span> <span class="k">while </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span><span class="p">;</span> <span class="k">do </span><span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$username</span> | xargs<span class="si">)</span> <span class="c"># Remove leading/trailing whitespaces</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$groups</span> | xargs<span class="si">)</span> <span class="c"># Remove leading/trailing whitespaces</span> create_user <span class="nv">$username</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="k">done</span> &lt; <span class="nv">$INPUT_FILE</span> log_action <span class="s2">"User creation script completed"</span> </code></pre> </div> <h2> Breaking Down the Script </h2> <h3> Script Header and Usage </h3> <p>The script starts with a shebang (<code>#!/bin/bash</code>), indicating it should be run in a bash shell. A usage message is provided if the script is not run with the correct arguments, ensuring users know how to execute it properly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check if the input file is provided</span> <span class="k">if</span> <span class="o">[</span> <span class="nv">$# </span><span class="nt">-ne</span> 1 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Usage: </span><span class="nv">$0</span><span class="s2"> &lt;name-of-text-file&gt;"</span> <span class="nb">exit </span>1 <span class="k">fi</span> </code></pre> </div> <h3> Log and Password Files </h3> <p>We define <code>LOG_FILE</code> and <code>PASSWORD_FILE</code> for logging actions and storing passwords securely. The script ensures these files and directories are created with appropriate permissions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Log file</span> <span class="nv">LOG_FILE</span><span class="o">=</span><span class="s2">"/var/log/user_management.log"</span> <span class="nv">PASSWORD_FILE</span><span class="o">=</span><span class="s2">"/var/secure/user_passwords.txt"</span> <span class="c"># Ensure the log and password files exist</span> <span class="nb">touch</span> <span class="nv">$LOG_FILE</span> <span class="nb">mkdir</span> <span class="nt">-p</span> /var/secure <span class="nb">touch</span> <span class="nv">$PASSWORD_FILE</span> <span class="nb">chmod </span>600 <span class="nv">$PASSWORD_FILE</span> </code></pre> </div> <h3> Logging Function </h3> <p>The <code>log_action()</code> function logs messages with timestamps to the log file, providing a record of actions performed by the script.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>log_action<span class="o">()</span> <span class="o">{</span> <span class="nb">echo</span> <span class="s2">"</span><span class="si">$(</span><span class="nb">date</span> <span class="s1">'+%Y-%m-%d %H:%M:%S'</span><span class="si">)</span><span class="s2"> - </span><span class="nv">$1</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$LOG_FILE</span> <span class="o">}</span> </code></pre> </div> <h3> User Creation Function </h3> <p>The <code>create_user()</code> function handles the creation of users and their personal groups. It checks if a group or user already exists and creates them if they don't. It assigns users to additional groups specified in the input file and generates a random password for each user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>create_user<span class="o">()</span> <span class="o">{</span> <span class="nb">local </span><span class="nv">username</span><span class="o">=</span><span class="nv">$1</span> <span class="nb">local groups</span><span class="o">=</span><span class="nv">$2</span> <span class="c"># Create the user's personal group</span> <span class="k">if</span> <span class="o">!</span> getent group <span class="nv">$username</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span>groupadd <span class="nv">$username</span> log_action <span class="s2">"Created group </span><span class="nv">$username</span><span class="s2">"</span> <span class="k">else </span>log_action <span class="s2">"Group </span><span class="nv">$username</span><span class="s2"> already exists"</span> <span class="k">fi</span> <span class="c"># Create user</span> <span class="k">if</span> <span class="o">!</span> <span class="nb">id</span> <span class="nt">-u</span> <span class="nv">$username</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span>useradd <span class="nt">-m</span> <span class="nt">-g</span> <span class="nv">$username</span> <span class="nt">-s</span> /bin/bash <span class="nv">$username</span> log_action <span class="s2">"Created user </span><span class="nv">$username</span><span class="s2">"</span> <span class="k">else </span>log_action <span class="s2">"User </span><span class="nv">$username</span><span class="s2"> already exists"</span> <span class="k">return fi</span> <span class="c"># Assign additional groups to the user</span> <span class="nv">IFS</span><span class="o">=</span><span class="s1">','</span> <span class="nb">read</span> <span class="nt">-ra</span> group_array <span class="o">&lt;&lt;&lt;</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="k">for </span>group <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">group_array</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nv">group</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$group</span> | xargs<span class="si">)</span> <span class="c"># Remove leading/trailing whitespaces</span> <span class="k">if</span> <span class="o">!</span> getent group <span class="nv">$group</span> <span class="o">&gt;</span> /dev/null 2&gt;&amp;1<span class="p">;</span> <span class="k">then </span>groupadd <span class="nv">$group</span> log_action <span class="s2">"Created group </span><span class="nv">$group</span><span class="s2">"</span> <span class="k">fi </span>usermod <span class="nt">-aG</span> <span class="nv">$group</span> <span class="nv">$username</span> log_action <span class="s2">"Added user </span><span class="nv">$username</span><span class="s2"> to group </span><span class="nv">$group</span><span class="s2">"</span> <span class="k">done</span> <span class="c"># Generate a random password for the user</span> <span class="nb">local </span><span class="nv">password</span><span class="o">=</span><span class="si">$(</span>openssl rand <span class="nt">-base64</span> 12<span class="si">)</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">:</span><span class="nv">$password</span><span class="s2">"</span> | chpasswd log_action <span class="s2">"Set password for user </span><span class="nv">$username</span><span class="s2">"</span> <span class="c"># Store the password securely</span> <span class="nb">echo</span> <span class="s2">"</span><span class="nv">$username</span><span class="s2">,</span><span class="nv">$password</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="nv">$PASSWORD_FILE</span> <span class="o">}</span> </code></pre> </div> <h3> Main Loop </h3> <p>The script reads the input file line by line, trims any leading/trailing whitespaces from usernames and groups, and calls <code>create_user()</code> for each line in the input file.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="k">while </span><span class="nv">IFS</span><span class="o">=</span><span class="s1">';'</span> <span class="nb">read</span> <span class="nt">-r</span> username <span class="nb">groups</span><span class="p">;</span> <span class="k">do </span><span class="nv">username</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$username</span> | xargs<span class="si">)</span> <span class="c"># Remove leading/trailing whitespaces</span> <span class="nb">groups</span><span class="o">=</span><span class="si">$(</span><span class="nb">echo</span> <span class="nv">$groups</span> | xargs<span class="si">)</span> <span class="c"># Remove leading/trailing whitespaces</span> create_user <span class="nv">$username</span> <span class="s2">"</span><span class="nv">$groups</span><span class="s2">"</span> <span class="k">done</span> &lt; <span class="nv">$INPUT_FILE</span> </code></pre> </div> <h3> Execution and Logging </h3> <p>After processing the input file, a completion message is logged, indicating the script has finished executing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>log_action <span class="s2">"User creation script completed"</span> </code></pre> </div> <p><strong>Conclusion</strong></p> <p>Automating user and group management with a bash script not only simplifies administrative tasks but also enhances consistency and security. By following this guide, you can efficiently manage user accounts and groups on your system.</p> <p>For more information on internship opportunities and to learn how you can hire talent from the HNG Internship program, visit the <a href="https://hng.tech/internship" rel="noopener noreferrer">HNG Internship website</a> and explore how you can <a href="https://hng.tech/hire" rel="noopener noreferrer">hire top talent</a>.</p> devops linux bash automation