Introduction
The HNG internship is a fast-paced remote bootcamp for learning and applying digital skills to solve problems. One of the handful of problems that interns have been tasked to solve in the DevOps track of cohort 11 is a Linux-based user management system using a Bash script. A user is an entity in a Linux operating system that can manipulate files and perform many other operations depending on their permissions. It is crucial to manage users and the kinds of access that they possess in a Linux system.
Objectives
In this article I will explain the create_user.sh script, which manages users and groups and focuses mainly on doing the following:
Read a text file containing a list of users and their groups, where each line is formatted as user;groups
Set up home directories with appropriate permissions
Set up users and groups
Generate random passwords for Users
Save passwords in a protected file
Log all activities in a log file
Handle errors appropriately
Prerequisite
A basic understanding of Bash scripting and Linux users and groups
Script Breakdown
Step 1: Ensure Script runs as a bash script
#!/bin/bash
Step 2: Specify paths to Password and Log files
LOG_MANAGER_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_password.txt"
Step 3: Create a function that generates a 16 character random password
generate_password() {
    # 12 random bytes encode to exactly 16 base64 characters
    openssl rand -base64 12
}
Step 4: Create a function that logs activities with timestamp to the log file
log_message() {
    # Prefix each entry with a year-month-day hour:minute:second timestamp
    echo "$(date +'%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_MANAGER_FILE"
}
Step 5: Ensure that the text file to read is provided
if [ "$#" -eq 0 ]; then
    log_message "Error: user file not found. Please pass the user file as base argument"
    exit 1
fi
Step 6: Use root privileges to create the log file
if [ ! -f "$LOG_MANAGER_FILE" ]; then
    sudo touch "$LOG_MANAGER_FILE"
    log_message "created log management file at $LOG_MANAGER_FILE"
fi
Step 7: Create the secure directory and the password file with root privilege
if [ ! -f "$PASSWORD_FILE" ]; then
    echo "creating secure password directory..."
    sudo mkdir -p /var/secure
    sudo chmod 700 /var/secure
    sudo touch "$PASSWORD_FILE"
    sudo chmod go-rwx "$PASSWORD_FILE"
    log_message "created Password file"
fi
Step 8: Read the file line by line, with the username and groups separated by the Internal Field Separator (IFS) ";". For each line:
Eliminate white spaces
Create a group with the same name as the username
Check if user already exists
Add the user with a home directory => /home/user
Add the groups to /etc/group
Generate a password and attach it to a user
while IFS=";" read -r username groups; do
    # Eliminate white spaces
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)
    # create group with username as group name
    groupadd "$username" &>> "$LOG_MANAGER_FILE"
    log_message "created user group"
    # check if user already exists
    if id -u "$username" &> /dev/null; then
        log_message "user already exists"
        continue
    fi
    # add user with a home directory under /home
    useradd -m -g "$username" "$username" &>> "$LOG_MANAGER_FILE"
    log_message "user created in home directory"
    # add each listed group to /etc/group if it is missing
    for group in $(echo "$groups" | tr ',' ' '); do
        # test the current group, not the whole comma-separated list
        if ! grep -q "^$group:" /etc/group; then
            groupadd "$group" &>> "$LOG_MANAGER_FILE"
            log_message "created group: $group"
        fi
        # add user to the created group
        usermod -aG "$group" "$username"
        log_message "Added user: $username to: $group"
    done
    # assign passwords to users
    password=$(generate_password)
    echo "$username, $password" >> "$PASSWORD_FILE"
    # chpasswd reads user:password pairs on stdin; passwd --stdin exists only on RHEL-family systems
    echo "$username:$password" | chpasswd &>> "$LOG_MANAGER_FILE"
    log_message "User Password generated and set for: $username"
done < "$1"
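The loop in Step 8 passes whatever it reads from the file straight to groupadd, useradd and usermod as root, so it helps to check the list first. The following is an added example, not part of the article's create_user.sh: a dry-run validator for the user;groups format that needs no root privileges. The function names valid_name, plan_line and plan_file, the name allow-list and the sample input are assumptions made for illustration.

```bash
LC_ALL=C; export LC_ALL   # byte-wise ranges so [a-z] never matches uppercase

# Strip leading and trailing whitespace.
trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# Accept only names of the form [a-z_][a-z0-9_-]*, at most 32 characters.
# Assumption: a conservative allow-list, not a rule stated in the article.
valid_name() {
    [ -n "$1" ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;   # also rejects a leading "-"
    esac
}

# Print the plan for one "user;groups" line, or a REJECT line and status 1.
plan_line() {
    user=$(trim "${1%%;*}")
    case "$1" in *";"*) groups=${1#*;} ;; *) groups="" ;; esac
    valid_name "$user" || { echo "REJECT user '$user'"; return 1; }
    extra=""
    while IFS= read -r g; do
        g=$(trim "$g")
        [ -z "$g" ] && continue
        valid_name "$g" || { echo "REJECT group '$g' for $user"; return 1; }
        case ",$extra," in *",$g,"*) continue ;; esac   # drop duplicates
        extra="${extra:+$extra,}$g"
    done <<EOF
$(printf '%s' "$groups" | tr ',' '\n')
EOF
    echo "user=$user primary=$user groups=$extra"
}

# Check a whole list file; status 1 if any entry was rejected.
plan_file() {
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do   # keep a last line with no newline
        [ -z "$(trim "$line")" ] && continue         # skip blank lines
        plan_line "$line" || bad=$((bad + 1))
    done < "$1"
    [ "$bad" -eq 0 ]
}

# Constructed sample input (not from the article); last line has no newline.
sample=$(mktemp)
printf 'alice; sudo, dev ,sudo\n-rf;sudo\nbob' > "$sample"
plan_file "$sample" || echo "list contains rejected entries"
rm -f "$sample"
```

Running plan_file on the list before the real script shows which entries would be created and stops names such as "-rf" from reaching useradd, where a leading dash would be read as an option.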
Conclusion
In this article we have explored writing a script that manages users and groups in a Linux system. The create_user.sh script automated user provisioning based on a user list file. It traversed a text file that contains a list of users and their groups, ensured that users are created and added to the right groups, and handled errors in the case of pre-existence, with every step properly documented in a log file.
Learn More
HNG helps advanced learners gain useful digital work experience. Learn more at https://hng.tech/internship.
Companies looking to hire can also learn more at https://hng.tech/hire.