Overview

As a SysOps engineer, one of your primary responsibilities is to manage user accounts and groups efficiently. In this article, we’ll walk through the creation of a Bash script that automates user and group management on a Linux system. This script reads a text file containing employee usernames and group names, creates users and groups as specified, sets up home directories with appropriate permissions, generates random passwords, and logs all actions.

Project Overview

The goal of this project is to simplify and automate the process of user and group management. The script, create_users.sh, takes a text file as input, where each line is formatted as user;groups. The script performs the following tasks:

1. Creates users and their respective personal groups.

2. Sets up home directories with proper permissions.

3. Generates random passwords for users.

4. Logs all actions to /var/log/user_management.log.

5. Stores generated passwords securely in /var/secure/user_passwords.csv.

Requirements

• Linux-based operating system (Ubuntu preferred)

• openssl for password generation

• Basic understanding of Bash scripting

Script Breakdown

Here’s a detailed breakdown of the create_users.sh script:

#!/bin/bash

Log file and secure password storage

LOG_FILE="/var/log/user_management.log" PASSWORD_FILE="/var/secure/user_passwords.csv"

Check if the input file is provided

if [ -z "$1" ]; then echo "Usage: $0 " exit 1 fi

USER_FILE="$1"

Ensure the log file and password file exist

touch "$LOG_FILE" mkdir -p /var/secure touch "$PASSWORD_FILE" chmod 600 "$PASSWORD_FILE"

Process each line in the user file

while IFS=';' read -r username groups; do

Ignore empty lines

[ -z "$username" ] && continue

Remove leading and trailing whitespace from the groups

groups=$(echo "$groups" | xargs)

Create a personal group with the same name as the user

if ! getent group "$username" > /dev/null; then groupadd "$username" echo "$(date) - Group $username created." >> "$LOG_FILE" fi

Create the user if they don't exist

if ! id -u "$username" > /dev/null 2>&1; then useradd -m -g "$username" "$username" echo "$(date) - User $username created with groups: $groups" >> "$LOG_FILE"

# Generate a random password password=$(openssl rand -base64 12) echo "$username:$password" | chpasswd echo "$username,$password" >> "$PASSWORD_FILE" echo "$(date) - Password set for $username" >> "$LOG_FILE"

# Set the correct permissions for the home directory chown -R "$username:$username" "/home/$username" chmod 700 "/home/$username" echo "$(date) - Permissions set for /home/$username" >> "$LOG_FILE" else echo "$(date) - User $username already exists. Skipping creation." >> "$LOG_FILE" fi

Add the user to the additional groups if specified

IFS=',' read -r -a group_array <<< "$groups" for group in "${group_array[@]}"; do if ! getent group "$group" > /dev/null; then groupadd "$group" echo "$(date) - Group $group created." >> "$LOG_FILE" fi usermod -aG "$group" "$username" echo "$(date) - User $username added to group $group" >> "$LOG_FILE" done done < "$USER_FILE"

echo "User creation process completed. Check the log file for details: $LOG_FILE"

Detailed Explanation

1. Log File and Secure Password Storage:

   • The script starts by defining the log file and secure password storage locations. The log file records all actions performed by the script, and the password file stores generated passwords securely.

2. Check for Input File:

   • The script checks if the input file is provided. If not, it displays usage instructions and exits.

3. Ensure Log and Password Files Exist:

   • The script ensures that the log file and password file exist, creating them if necessary. It also sets the appropriate permissions for the password file to ensure it is secure.

4. Process Each Line in the User File:

   • The script reads the input file line by line. For each line, it extracts the username and groups, ignoring empty lines and trimming whitespace from the groups.

5. Create Personal Group:

   • For each user, the script creates a personal group with the same name as the user if it doesn't already exist.

6. Create User:

   • If the user doesn't exist, the script creates the user, assigns them to their personal group, generates a random password, sets the password, and stores it securely. It also sets the correct permissions for the user's home directory.

7. Add User to Additional Groups:

   • The script reads the additional groups from the input file, creates the groups if they don't exist, and assigns the user to these groups.

8. Logging:

   • All actions are logged to /var/log/user_management.log, and the generated passwords are stored securely in /var/secure/user_passwords.csv.

Running the Script on AWS Ubuntu

1. Update the Instance:

sudo apt update

sudo apt install -y openssl

2. Create and Prepare the Script:

   Create the create_users.sh script.

3. Copy the script content into create_users.sh and save it.

4. Make the script executable.

   chmod +x create_users.sh

5. Create the users.txt File:

   • Create the users.txt file.

   • Add user data to users.txt.

   • Bakare;sudo,dev,www-data

   • Rasheed;sudo

   • Abiola;dev,www-data

     • Run the Script:

     • sudo ./create_users.sh users.txt

     • Check the Log and Password Files:

     • sudo cat /var/log/user_management.log

     • sudo cat /var/secure/user_passwords.csv

       Conclusion

       This Bash script simplifies the process of managing users and groups on a Linux system, making it easier for SysOps engineers to handle these tasks efficiently. By automating user creation, password generation, and group assignments, the script ensures consistency and saves time.

     • For more information about the HNG Internship and how you can be a part of it, visit HNG Internship and HNG Premium.