This content originally appeared on DEV Community and was authored by Toluwalemi Oluwadare
This article explains how to create users and assign them groups and passwords from a given text file.
Contents
- Objectives
- Project Setup
- Bash Script
- Test
Objectives
By the end of this tutorial, you will be able to:
- Create users with a bash script
- Create groups for these users
- Assign users to groups
- Generate and set passwords for users
- Log actions and manage permissions for security
Project Setup
- Create a
.shfile namedcreate_users.sh.
touch create_users.sh
- Create a text file named
sample.txtwith user and group data.
touch sample.txt
Bash Script
To get started, we first need to declare that this is a bash script using:
#!/bin/bash
This line tells the system to use the bash shell to interpret the script.
Next, we define our log file path and the password file path. This ensures we have paths to store logs and passwords securely:
# Define the log file and password file paths
LOGFILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"
The next step ensures the script is run with root permissions. If you don't have the right permissions, the script will exit and inform you:
# Ensure the script is run with root permissions
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root or with sudo"
exit 1
fi
Here, [[ $EUID -ne 0 ]] checks if the effective user ID is not zero (i.e., not root). The effective user ID (EUID) represents the user identity the operating system uses to decide if you have permission to perform certain actions. If the EUID is not zero, it means you're not running the script as the root user, and the script will print a message and exit with status 1.
We then define a function to log actions:
# Function to log actions
log_action() {
local message="$1"
echo "$message" | tee -a "$LOGFILE"
}
This function takes a message as an argument and appends it to the log file, also displaying it on the terminal.
Next, we check if the log file exists, create it if it doesn't, and set the correct permissions:
# Check if the log file exists, create it if it doesn't, and set the correct permissions
if [[ ! -f "$LOGFILE" ]]; then
touch "$LOGFILE"
log_action "Created log file: $LOGFILE"
else
log_action "Log file already exists, skipping creation of logfile '$LOGFILE'"
fi
log_action "Setting permissions for log file: $LOGFILE"
chmod 600 "$LOGFILE"
log_action "Successfully set"
Here, [[ ! -f "$LOGFILE" ]] checks if the log file does not exist. If true, it creates the file and logs the action. Then, it sets the permissions to read/write for the owner only (chmod 600).
We repeat a similar process for the password file:
# Check if the password file exists, create it if it doesn't, and set the correct permissions
if [[ ! -f "$PASSWORD_FILE" ]]; then
touch "$PASSWORD_FILE"
log_action "Created password file: $PASSWORD_FILE"
else
log_action "Password file already exists, skipping creation of password file '$PASSWORD_FILE'"
fi
log_action "Setting permissions for password file: $PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"
log_action "Successfully set"
This ensures the password file is created if it doesn't exist and sets the correct permissions for security.
Next, we define a function to generate random passwords:
# Function to generate random passwords
generate_password() {
local password_length=12
tr -dc A-Za-z0-9 </dev/urandom | head -c $password_length
}
The local keyword is used to define a variable that is local to the function. This means that the variable password_length is only accessible with the generate_passsword function, preventing it from interfering with other parts of the script.
Let's break down what tr -dc A-Za-z0-9 </dev/urandom | head -c $password_length does, shall we?
/dev/urandom: This is a special file in Unix-like systems that provides random data. It's often used for generating cryptographic keys, passwords, or any other data requiring randomness.-
tr -dc A-Za-z0-9: Thetrcommand is used to translate or delete characters. Here:-
-dtellstrto delete characters. -
-ccomplements the set of characters, meaning it includes everything except the specified set. -
A-Za-z0-9specifies the set of allowed characters: uppercase letters (A-Z), lowercase letters (a-z), and digits (0-9). -
</dev/urandom: Redirects the random data from/dev/urandominto thetrcommand.
-
-
| head -c $password_length: The head command is used to output the first part of files.-
-c $password_lengthspecifies the number of characters to output, defined by the variable password_length (which is 12). This ensures the generated password is exactly 12 characters long. This function usestrto generate a random string of 12 characters from/dev/urandom.
-
We then define the create_user function, which creates a user and assigns groups:
create_user() {
local username="$1"
local groups="$2"
log_action "Processing user: $username with groups: $groups"
# Check if the user already exists
if id "$username" &>/dev/null; then
log_action "User $username already exists, skipping creation"
return 1
fi
# Create the user with a home directory
useradd -m "$username"
if [[ $? -ne 0 ]]; then
log_action "Failed to create user: $username"
return 1
fi
# Create a personal group for the user
groupadd "$username"
if [[ $? -ne 0 ]]; then
log_action "Failed to create group: $username"
return 1
fi
# Add the user to the personal group
usermod -aG "$username" "$username"
# Add the user to additional groups
IFS=',' read -ra ADDR <<< "$groups"
for group in "${ADDR[@]}"; do
groupadd "$group" 2>/dev/null
usermod -aG "$group" "$username"
done
# Set up home directory permissions
chown -R "$username":"$username" "/home/$username"
chmod 700 "/home/$username"
# Generate a password and set it for the user
password=$(generate_password)
echo "$username:$password" | chpasswd
# Log the user creation and password
log_action "Created user: $username with groups: $groups"
echo "$username,$password" >> "$PASSWORD_FILE"
}
-
if id "$username" &>/dev/null; then ...: This checks if the user exists then redirects both the standard output (stdout) and standard error (stderr) to/dev/null./dev/nullis a special device file that discards any data written to it. -
useradd -m "$username": creates the user with a home directory.-mflag tellsuseraddto create a home directory for the user. -
groupadd "$username": creates a personal group for the user. -
usermod -aG "$username" "$username": adds the user to their personal group.-aflag stands for "append". It tellsusermodto append the user to the specified group(s) without removing them from any other groups. On the other hand,-Gflag specifies that the following argument ("$username") is a list of supplementary groups which the user is also a member of. -
IFS=',' read -ra ADDR <<< "$groups"splits additional groups by commas. Here the Internal Field Separator (IFS) means the shell will split strings into parts based on commas. -
groupadd "$group"2>/dev/null creates additional groups if they don't exist. -
chown -R "$username":"$username""/home/$username" sets the ownership of the home directory.chownstands for change owner and the command recursively changes ownership for all files and subdirectories within/home/$username. -
chmod 700 "/home/$username"sets permissions of the home directory.chmodstands for change mode and it changes file permission to 700. 7 grants read, write and execute permissions to the owner. 0 denies all permissions to others. -
password=$(generate_password)generates a random password. -
echo "$username:$password" | chpasswdsets the user's password. -
echo "$username,$password" >> "$PASSWORD_FILE"stores the username and password in the password file.
Finally, we define the function to read the file and create users:
# Define a function to read the file
read_file() {
local filename="$1"
# Check if the file exists
if [[ ! -f "$filename" ]]; then
log_action "File not found: $filename"
return 1
fi
# Read the file line by line
while IFS= read -r line; do
# Remove whitespace and extract user and groups
local user=$(echo "$line" | cut -d ';' -f 1 | xargs)
local groups=$(echo "$line" | cut -d ';' -f 2 | xargs)
# Create the user and groups
create_user "$user" "$groups"
done < "$filename"
}
# Call the function with the filename passed as a script argument
read_file "$1"
-
[[ ! -f "$filename" ]]: checks if the file exists.-f: This is a file test operator. It checks if the provided path (in this case, stored in the variable$filename) exists and is a regular file. -
while IFS= read -r line; do ... done < "$filename": reads the file line by line. -
local user=$(echo "$line" | cut -d ';' -f 1 | xargs): extracts the username by usingcutto split the line into fields (-f) based on the delimiter (-d) semicolon (;).-f 1selects the first field.xargstrims any leading or trailing whitespace and ensures that the result is treated as a single entity. -
local groups=$(echo "$line" | cut -d ';' -f 2 | xargs): extracts the groups. -
create_user "$user" "$groups": creates the user and assigns groups.
This section of the script reads a file passed as an argument and processes each line to create users and assign groups.
Test
To test the code simply run the following command in your terminal:
bash create_users.sh sample.txt
That's it! You can find the full code in my repository.
Cheers!
[This article was written in completion of the HNG Internship stage one DevOps task. Learn more about the program here.]
This content originally appeared on DEV Community and was authored by Toluwalemi Oluwadare
Toluwalemi Oluwadare | Sciencx (2024-07-04T00:29:17+00:00) How To Automate User Creation With Bash Script. Retrieved from https://www.scien.cx/2024/07/04/how-to-automate-user-creation-with-bash-script/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.