Automating User and Group Management with a Bash Script
Introduction
In any growing company, the need to onboard new developers quickly and efficiently is paramount. This process includes creating user accounts, setting up appropriate permissions, and ensuring security. As a DevOps engineer, I have developed a bash script to automate this process, ensuring consistency and security.
Script Overview
The create_users.sh script reads a text file containing usernames and group names, creates the specified users and groups, sets up home directories with the correct permissions, generates random passwords, and logs all actions. Additionally, it securely stores the generated passwords. This automation reduces the risk of human error and speeds up the onboarding process.
Script Details
Log and Password Files: The script logs actions to /var/log/user_management.log and stores passwords in /var/secure/user_passwords.txt.

```bash
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"
```
Logging Function: A function to log messages with timestamps.
```bash
log_message() {
    echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$LOG_FILE"
}
```
Password Generation: A function to generate random passwords using openssl.

```bash
generate_password() {
    # 12 random bytes, base64-encoded, give a 16-character password
    openssl rand -base64 12
}
```
Setup Secure Directories: Ensure the secure storage directory exists and has the correct permissions.
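```bash
mkdir -p /var/secure
chmod 700 /var/secure          # only the owner may enter the directory
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"     # only the owner may read or write the file
```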
Reading Input File: The script reads each line from the input file, processes the username and groups, and handles user creation.
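```bash
# Each line has the form "username; group1,group2".
# The body of this loop is shown in the next two steps.
while IFS=";" read -r username groups; do
    # Trim surrounding whitespace from both fields
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)
```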
User and Group Creation: If the user does not exist, it creates the user and their personal group, sets home directory permissions, and adds the user to additional groups.
```bash
    # Skip users that already exist
    if id "$username" &>/dev/null; then
        log_message "User $username already exists."
        continue
    fi

    # Create the user with a home directory and bash as the login shell
    useradd -m -s /bin/bash "$username"
    log_message "User $username created."

    # Restrict the home directory to its owner
    chmod 700 "/home/$username"
    chown "$username:$username" "/home/$username"
    log_message "Home directory for $username set with appropriate permissions."

    # Split the comma-separated group list and add the user to each group
    IFS="," read -r -a group_array <<< "$groups"
    for group in "${group_array[@]}"; do
        group=$(echo "$group" | xargs)
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group"
            log_message "Group $group created."
        fi
        usermod -aG "$group" "$username"
        log_message "User $username added to group $group."
    done
```
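Password Handling: Generate a password, set it with chpasswd, and append it to the password file. The file holds the passwords in plaintext, so the 600 permissions set earlier are what protect them.

```bash
    password=$(generate_password)
    # chpasswd reads "username:password" pairs on standard input
    echo "$username:$password" | chpasswd
    log_message "Password for $username set."
    echo "$username:$password" >> "$PASSWORD_FILE"
```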
Completion Logging: A final log message indicating script completion.
```bash
log_message "User creation script completed."
```
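The script hands each field of the input file directly to useradd, usermod and chpasswd, so a name containing ':' or other unexpected characters would also end up in the "username:password" lines. The following is an added example, not part of the original create_users.sh, that validates each line first; the function names trim, valid_name and parse_line and the naming policy are assumptions.

```bash
# Added example (not from the original script): validate input lines of the
# form "username; group1,group2". Function names and policy are assumptions.
LC_ALL=C; export LC_ALL   # make a-z mean ASCII lowercase only

# Trim surrounding whitespace (including a trailing CR) without xargs,
# which would also interpret quotes and backslashes in the input.
trim() {
    t=$1
    t=${t#"${t%%[![:space:]]*}"}
    t=${t%"${t##*[![:space:]]}"}
    printf '%s' "$t"
}

# Conservative account/group name: starts with a lowercase letter or '_',
# then lowercase letters, digits, '_' or '-', at most 32 characters.
valid_name() {
    [ -n "$1" ] && [ "${#1}" -le 32 ] || return 1
    case $1 in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;   # rejects ':', ',', spaces, etc.
    esac
}

# Print "username group1 group2 ..." for a well-formed line, else return 1.
# The body runs in a subshell so the IFS and noglob changes do not leak.
parse_line() (
    case $1 in *";"*) ;; *) return 1 ;; esac     # separator is required
    user=$(trim "${1%%;*}")
    rest=$(trim "${1#*;}")
    valid_name "$user" || return 1
    out=$user
    IFS=','; set -f
    for g in $rest; do
        g=$(trim "$g")
        valid_name "$g" || return 1
        out="$out $g"
    done
    printf '%s\n' "$out"
)

# Constructed sample input: the second and third lines must be rejected.
while IFS= read -r line; do
    if parsed=$(parse_line "$line"); then echo "OK:       $parsed"
    else echo "REJECTED: $line"; fi
done <<'EOF'
alice; sudo, dev
mallory:0:0; dev
bob; dev;/etc
EOF
```

In the main loop, a line that parse_line rejects would be logged and skipped before any account is created.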
Conclusion
Automating user and group management ensures that new developers are onboarded quickly and securely, allowing them to become productive members of the team with minimal delay. The create_users.sh script exemplifies how simple bash scripting can streamline administrative tasks while maintaining high security and accuracy.
This article serves as a guide to understanding and implementing automated user management in a Linux environment. By following these steps, you can ensure a secure and efficient onboarding process for your new developers.
Learn More About HNG Internship
To explore more about how HNG can help you become a proficient developer, visit HNG Internship. If you're looking to hire top talents from HNG, check out HNG Hire. The HNG Internship program is a fantastic opportunity for aspiring developers to gain real-world experience and enhance their skills.