Efficiently Managing User Accounts with Bash Scripting
Introduction
As a SysOps engineer, one of your primary responsibilities is to ensure the efficient management of user accounts. This involves creating user accounts, assigning them to appropriate groups, setting up home directories, generating secure passwords, and maintaining comprehensive logs. To streamline these tasks, we can automate the process with a bash script. In this article, we’ll walk through a script designed for this purpose.
Script Overview
The create_users.sh script reads a text file containing usernames and group names, creates the users and their respective groups, sets up home directories, generates random passwords, and logs all actions performed. This script is particularly useful in environments like ours, which use HNG Internship guidelines.
Script Breakdown
Preparation
The script begins by checking if it is run with root privileges since creating users and groups requires administrative access. It then verifies that an input file is provided.
Setting Up Logging and Secure Directories
Logs are stored in /var/log/user_management.log, and the generated passwords are stored in /var/secure/user_passwords.txt, a file that only root can read.
Creating Users and Groups
For each user, a personal group is created if it doesn’t already exist. Users are created and added to the specified groups. Home directories are set up with appropriate permissions.
Generating and Storing Passwords
A random password is generated for each user using openssl rand -base64 12, and passwords are securely stored in /var/secure/user_passwords.txt.
Error Handling
The script handles scenarios where users or groups already exist and logs these events.
Usage
To use the script, you need to supply a text file with the usernames and groups. The format of the file should be as follows:
light; sudo,dev,www-data
idimma; sudo
mayowa; dev,www-data
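As an added example (not part of the original create_users.sh), the functions below check one line of this format before it reaches groupadd, useradd or chpasswd, which all run as root. The naming policy and the function names valid_name, trim and parse_user_line are assumptions made for this example.

```sh
# Added example (not part of create_users.sh): validate one
# "user; group1,group2" line before any account or group is created.
LC_ALL=C; export LC_ALL   # make [a-z] an ASCII byte range in every shell

# Assumed policy: lowercase letter or "_" first, then lowercase letters,
# digits, "_" or "-", at most 32 characters. Rejects names like "-o" or "a:b".
valid_name() {
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Strip leading and trailing whitespace without spawning xargs.
trim() {
    local s="$1"
    s="${s#"${s%%[![:space:]]*}"}"
    s="${s%"${s##*[![:space:]]}"}"
    printf '%s' "$s"
}

# parse_user_line LINE
# Prints "username:group1,group2" and returns 0 when the line is acceptable,
# returns 1 when it is malformed and 2 when it is blank.
parse_user_line() {
    local line="$1" username grouplist rest
    [ -n "$(trim "$line")" ] || return 2
    case $line in *\;*) ;; *) return 1 ;; esac          # ";" separator is required
    username=$(trim "${line%%;*}")
    grouplist=$(printf '%s' "${line#*;}" | tr -d '[:space:]')
    valid_name "$username" || return 1
    case $grouplist in ''|,*|*,|*,,*) return 1 ;; esac  # no empty list entries
    rest=$grouplist
    while [ -n "$rest" ]; do
        valid_name "${rest%%,*}" || return 1            # check each group name
        case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    done
    printf '%s:%s\n' "$username" "$grouplist"
}
```

A caller can skip lines that return 2, log and reject lines that return 1, and split the printed value on the first ":" to get the arguments for user creation.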
Running the Script
Run the script with the following command:
sudo bash create_users.sh <name-of-text-file>
Replace <name-of-text-file> with the actual file name containing the user details.
Conclusion
This script simplifies the process of managing user accounts, ensuring consistency and security. By automating these tasks, SysOps engineers can focus on more critical issues, enhancing overall productivity. For more insights into efficient management practices, consider exploring resources from the HNG Internship.
Script Code
Here is the complete create_users.sh script:
#!/bin/bash

LOG_FILE="/var/log/user_management.log"
SECURE_DIR="/var/secure"
PASSWORD_FILE="$SECURE_DIR/user_passwords.txt"

# Check if the script is run as root
# (a non-root user cannot append to the log, so report on stderr instead)
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root" >&2
    exit 1
fi

# Check if the input file is provided
if [ -z "$1" ]; then
    echo "Usage: $0 <name-of-text-file>" | tee -a "$LOG_FILE"
    exit 1
fi
USER_LIST_FILE=$1

# Ensure the log directory exists
mkdir -p /var/log

# Ensure the secure directory exists
mkdir -p "$SECURE_DIR"
chmod 700 "$SECURE_DIR"

# Create the password file and restrict it before any password is written
touch "$PASSWORD_FILE"
chmod 600 "$PASSWORD_FILE"

# Function to create a user and set up their home directory
create_user() {
    local username=$1
    local groups=$2
    local group password
    local -a group_list

    # Create personal group
    if ! getent group "$username" > /dev/null 2>&1; then
        groupadd "$username"
        echo "Group $username created" | tee -a "$LOG_FILE"
    fi

    # Create any listed group that does not exist yet (useradd -G fails on unknown groups)
    IFS=',' read -r -a group_list <<< "$groups"
    for group in "${group_list[@]}"; do
        if ! getent group "$group" > /dev/null 2>&1; then
            groupadd "$group"
            echo "Group $group created" | tee -a "$LOG_FILE"
        fi
    done

    # Create the user
    if ! id "$username" > /dev/null 2>&1; then
        if ! useradd -m -g "$username" -G "$groups" "$username"; then
            echo "Failed to create user $username" | tee -a "$LOG_FILE"
            return 1
        fi
        echo "User $username created and added to groups $groups" | tee -a "$LOG_FILE"

        # Generate a random password (never written to the log)
        password=$(openssl rand -base64 12)
        echo "$username:$password" | chpasswd
        echo "$username,$password" >> "$PASSWORD_FILE"

        # Set appropriate permissions and ownership
        chown -R "$username":"$username" "/home/$username"
        chmod 700 "/home/$username"
        echo "Home directory for $username set up with appropriate permissions" | tee -a "$LOG_FILE"
    else
        echo "User $username already exists" | tee -a "$LOG_FILE"
    fi
}

# Read the user list file (the || clause keeps a last line that has no trailing newline)
while IFS=';' read -r username groups || [[ -n "$username" ]]; do
    # Remove leading and trailing whitespace
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs | tr -d ' ')
    if [[ -n "$username" && -n "$groups" ]]; then
        create_user "$username" "$groups"
    fi
done < "$USER_LIST_FILE"

echo "User creation process completed" | tee -a "$LOG_FILE"
By following these steps, you will ensure a comprehensive and effective user management process in your organization.