Optimizing My Company’s Developers and Group Management with Bash Script Automation



This content originally appeared on DEV Community and was authored by Abdul Barri Lawal

Bash Script: create_users.sh

#!/bin/bash

# Log file and password file paths
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.csv"

# Function to log actions
log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}

# Function to generate random passwords
generate_password() {
    openssl rand -base64 12
}

# Check if the input file is provided
if [ $# -ne 1 ]; then
    echo "Usage: $0 <name-of-text-file>"
    exit 1
fi

# Create log and password files
touch "$LOG_FILE"
mkdir -p /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

# Read the input file (the || test also processes a last line with no trailing newline)
while IFS=';' read -r username groups || [ -n "$username" ]; do
    # Remove leading/trailing whitespace
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)

    # Skip blank lines
    [ -z "$username" ] && continue

    # Create user if it doesn't exist
    if id "$username" &>/dev/null; then
        log_action "User $username already exists."
    else
        password=$(generate_password)
        # Group membership is handled below, once missing groups have been created;
        # useradd -G fails if any listed group does not exist yet
        if ! useradd -m "$username"; then
            log_action "Failed to create user $username."
            continue
        fi
        echo "$username:$password" | chpasswd
        echo "$username,$password" >> "$PASSWORD_FILE"
        log_action "User $username created."
    fi

    # Create a personal group with the same name as the username if it doesn't exist
    if ! getent group "$username" &>/dev/null; then
        groupadd "$username"
        usermod -aG "$username" "$username"
        log_action "Group $username created and user $username added to it."
    fi

    # Add user to additional groups if specified
    IFS=',' read -ra ADDR <<< "$groups"
    for group in "${ADDR[@]}"; do
        # Trim each entry and skip empty ones (e.g. a trailing comma)
        group=$(echo "$group" | xargs)
        [ -z "$group" ] && continue
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            log_action "Group $group created."
        fi
        usermod -aG "$group" "$username"
        log_action "User $username added to group $group."
    done

    # Set appropriate permissions and ownership
    chmod 755 "/home/$username"
    chown "$username:$username" "/home/$username"
    log_action "Set permissions and ownership for /home/$username"
done < "$1"

echo "User creation process completed. Check the log file for details: $LOG_FILE"

Technical Article

Automating User and Group Management with a Bash Script

Managing users and groups in a Linux environment can be a daunting task, especially when dealing with a large number of new hires. Automating this process not only saves time but also ensures consistency and security. In this article, I’ll walk you through a Bash script designed to read user and group information from a text file, create users and groups, set up home directories, generate passwords, and log all actions.

Script Overview

The script, named create_users.sh, performs the following tasks:

  1. Reads User and Group Information: It takes a text file as input, where each line contains a username and associated groups, separated by a semicolon.
  2. Creates Users and Groups: For each user, it checks if the user and groups already exist and creates them if necessary.
  3. Sets Up Home Directories: It ensures each user has a home directory with the correct permissions and ownership.
  4. Generates Random Passwords: Secure passwords are generated for each user and stored in a secure file.
  5. Logs Actions: All actions performed by the script are logged for auditing purposes.

Detailed Explanation

1. Reading the Input File

The script expects a single argument – the name of the text file containing user and group information. It reads this file line by line, extracting the username and groups.

while IFS=';' read -r username groups; do
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)
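
An added example, not part of the original script: a validator for the `username; group1,group2` line format described above, which rejects malformed or unsafe names before anything reaches useradd. The name pattern and the function names (trim, parse_user_line, check_input) are assumptions chosen for illustration, and the sample input is constructed.

```bash
#!/bin/bash
# Added example, not the author's code. NAME_RE is an assumption: a conservative
# subset of the names useradd/groupadd accept on most distributions.
NAME_RE='^[a-z_][a-z0-9_-]{0,31}$'

trim() {   # strip leading and trailing whitespace only
    local s=$1
    s="${s#"${s%%[![:space:]]*}"}"
    s="${s%"${s##*[![:space:]]}"}"
    printf '%s' "$s"
}

# parse_user_line LINE -> prints the normalised "username;group1,group2".
# Returns 1 for a blank line, 2 for a malformed or unsafe one.
parse_user_line() {
    local line=$1 username group cleaned=""
    local -a list=()
    [[ -z $(trim "$line") ]] && return 1
    # Require exactly one ';' so a stray separator cannot shift fields
    [[ $line == *';'* && $line != *';'*';'* ]] || return 2
    username=$(trim "${line%%;*}")
    [[ $username =~ $NAME_RE ]] || return 2
    IFS=',' read -ra list <<< "${line#*;}"
    for group in "${list[@]}"; do
        group=$(trim "$group")
        [[ $group =~ $NAME_RE ]] || return 2
        cleaned+="${cleaned:+,}$group"
    done
    printf '%s;%s\n' "$username" "$cleaned"
}

# check_input: read lines on stdin, report rejected ones on stderr, print their count
check_input() {
    local line n=0 bad=0 rc
    while IFS= read -r line || [[ -n $line ]]; do
        n=$((n + 1))
        rc=0; parse_user_line "$line" >/dev/null || rc=$?
        if [[ $rc -eq 2 ]]; then
            echo "line $n rejected: $line" >&2
            bad=$((bad + 1))
        fi
    done
    echo "$bad"
}

# Constructed sample input: two valid lines, one blank, two that must be rejected
SAMPLE=$'alice; sudo,dev, www-data\n\nbob; dev\n../etc; dev\ncarol; sudo; dev'
check_input <<< "$SAMPLE"
```

Running check_input over the input file first and refusing to continue on a non-zero count keeps path-like or shell-like strings out of `/home/$username` and the log.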

2. Creating Users

For each user, the script checks if the user already exists using the id command. If not, it creates the user and generates a random password using OpenSSL.

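if id "$username" &>/dev/null; then
    log_action "User $username already exists."
else
    password=$(generate_password)
    # Group membership is handled in the next step, once missing groups have been
    # created; useradd -G fails if any listed group does not exist yet
    if ! useradd -m "$username"; then
        log_action "Failed to create user $username."
        continue
    fi
    echo "$username:$password" | chpasswd
    echo "$username,$password" >> "$PASSWORD_FILE"
    log_action "User $username created."
fi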

3. Creating Groups

For each user, a personal group with the same name is created if it doesn’t exist. Additional groups specified in the input file are also created and the user is added to them.

if ! getent group "$username" &>/dev/null; then
    groupadd "$username"
    usermod -aG "$username" "$username"
    log_action "Group $username created and user $username added to it."
fi

IFS=',' read -ra ADDR <<< "$groups"
for group in "${ADDR[@]}"; do
    # Trim each entry and skip empty ones (e.g. a trailing comma)
    group=$(echo "$group" | xargs)
    [ -z "$group" ] && continue
    if ! getent group "$group" &>/dev/null; then
        groupadd "$group"
        log_action "Group $group created."
    fi
    usermod -aG "$group" "$username"
    log_action "User $username added to group $group."
done

4. Setting Permissions

The script ensures that each user’s home directory has the correct permissions and ownership.

chmod 755 "/home/$username"
chown "$username:$username" "/home/$username"
log_action "Set permissions and ownership for /home/$username"

5. Logging and Security

All actions are logged to /var/log/user_management.log, and the generated passwords are stored in /var/secure/user_passwords.csv, which is restricted to its owner with mode 600.

log_action() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}

touch "$LOG_FILE"
mkdir -p /var/secure
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"
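
One way to create the password file so that it is owner-only from the moment it exists, using umask instead of touch followed by chmod (an added example, not the author's code). The function names init_secret_file and store_password are assumptions, `stat -c` assumes GNU coreutils, and the demo values are constructed.

```bash
#!/bin/bash
# Added example, not the author's code. The article's
# /var/secure/user_passwords.csv would be the real argument.

# init_secret_file PATH: create PATH and its directory with owner-only modes.
init_secret_file() {
    local path=$1 dir
    dir=$(dirname -- "$path")
    (
        umask 077                      # new directory -> 0700, new file -> 0600
        mkdir -p -- "$dir" || exit 1
        [[ -L $path ]] && exit 1       # refuse a symlink at the target path
        : >> "$path"                   # create if missing, never truncate
    ) || return 1
    # A file that already existed keeps its old mode, so tighten and verify
    chmod 600 -- "$path" || return 1
    [[ $(stat -c '%a' -- "$path") == 600 ]]
}

# store_password PATH USER PASSWORD: append one CSV row to the protected file
store_password() {
    local path=$1 user=$2 password=$3
    init_secret_file "$path" || return 1
    printf '%s,%s\n' "$user" "$password" >> "$path"
}

# Demo in a throwaway directory (constructed values)
demo_dir=$(mktemp -d)
store_password "$demo_dir/secure/user_passwords.csv" alice 'constructed-example-pw'
stat -c '%a %n' "$demo_dir/secure" "$demo_dir/secure/user_passwords.csv"
rm -rf "$demo_dir"
```

The CSV still holds plaintext passwords, so the file mode is the only control on who can read them.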

Conclusion

By automating user and group management, this script enhances security, ensures consistency, and saves valuable time for SysOps engineers. The full script is available on GitHub.

For more insights on the importance of automation in system administration and other related topics, check out the HNG Internship and learn how you can hire top tech talent.

