Tesleem Amuda
Automated User Management with Bash Script

Managing user accounts in a Linux environment can be tedious, especially when dealing with a large number of new employees. To simplify this process, we can use a Bash script to automate user and group creation, ensuring appropriate permissions and logging. Below is a detailed breakdown of a Bash script that accomplishes this.



Script Overview


The script reads a text file containing usernames and group names, creates users and groups as specified, sets up home directories with appropriate permissions and ownership, generates random passwords for the users, and logs all actions to /var/log/user_management.log. It also stores the generated passwords in /var/secure/user_passwords.txt, a file whose permissions are restricted to mode 600.



Script Breakdown


    #!/bin/bash

    # Check if the input file is provided
    if [ $# -eq 0 ]; then
        echo "Usage: $0 <user_list_file>"
        exit 1
    fi

    user_list_file="$1"

    # Log and password file paths
    log_file="/var/log/user_management.log"
    password_file="/var/secure/user_passwords.txt"

    # Create the necessary directories and set permissions
    mkdir -p /var/log
    mkdir -p /var/secure
    chmod 700 /var/secure    # keep other users out of the password directory
    touch "$log_file"
    touch "$password_file"
    chmod 600 "$password_file"

Input File Check: The script starts by ensuring that an input file is provided. This file should contain the list of users to be managed.
Directory and File Setup: It creates the directories and files needed for logging and password storage, and sets the password file to mode 600 so that only its owner can read or write it.

    # Function to log actions
    log_action() {
        echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" >> "$log_file"
    }

Logging Function: A function log_action is defined to log each action taken by the script. This helps in auditing and troubleshooting.

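    # Read the user list file
    while IFS=';' read -r username groups; do
        # Remove whitespace
        username=$(echo "$username" | xargs)
        # Strip all whitespace so "sudo, dev" becomes "sudo,dev", the form usermod -aG expects
        groups=$(echo "$groups" | tr -d '[:space:]')

        # Skip blank lines
        [ -z "$username" ] && continue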

Reading the User List: The script reads each line from the input file, expecting a username and groups separated by a semicolon. Whitespace is trimmed to ensure clean data.
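A stricter version of this parsing step, as an added example that is not part of the original script: it validates each "username; group1,group2" line before any value reaches groupadd, useradd or usermod. The name pattern, the function names and the sample lines are assumptions made for illustration.

```shell
# Added example (not from the original script): validate one user-list line.
# The allowed-name pattern below is an assumption, a conservative subset of typical login names.
LC_ALL=C; export LC_ALL   # make [a-z] ranges mean ASCII only
trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

valid_name() {
    # First char a-z or _, then a-z 0-9 _ -, at most 32 chars.
    # Rejects "", "-rf" (would be read as an option), "a b" and "../x".
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Prints "username;group1,group2" and returns 0, or returns 1 to skip the line.
# The body is a subshell so the IFS and globbing changes do not leak to the caller.
parse_user_line() (
    line=$1
    username=$(trim "${line%%;*}")
    case "$line" in *';'*) groups=${line#*;} ;; *) groups='' ;; esac
    valid_name "$username" || exit 1
    clean=''
    set -f        # no filename expansion while splitting on commas
    IFS=','
    for g in $groups; do
        g=$(trim "$g")               # also drops a trailing CR from CRLF files
        [ -n "$g" ] || continue      # tolerate "a,,b" and trailing commas
        valid_name "$g" || exit 1
        clean="${clean:+$clean,}$g"
    done
    printf '%s;%s\n' "$username" "$clean"
)

# Constructed sample input, run through the validator.
demo() {
    while IFS= read -r line || [ -n "$line" ]; do
        if parsed=$(parse_user_line "$line"); then echo "OK    $parsed"; else echo "SKIP  [$line]"; fi
    done <<'EOF'
light; sudo, dev ,www-data
-rf; dev
mayowa;
bad name; dev
EOF
}
demo
```

Rejected lines should be logged and skipped rather than repaired, so a malformed entry never silently becomes a different account or group.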

        # Ensure all specified groups exist
        for group in $(echo "$groups" | tr ',' ' '); do
            if ! getent group "$group" >/dev/null; then
                groupadd "$group"
                if [ $? -eq 0 ]; then
                    log_action "Created group $group"
                else
                    log_action "Failed to create group $group"
                    continue
                fi
            else
                log_action "Group $group already exists"
            fi
        done

Group Management: The script checks if each specified group exists and creates it if it doesn't. Actions are logged accordingly.

        # Create the personal group
        if ! getent group "$username" >/dev/null; then
            groupadd "$username"
            if [ $? -eq 0 ]; then
                log_action "Created group $username"
            else
                log_action "Failed to create group $username"
                continue
            fi
        else
            log_action "Group $username already exists"
        fi

Personal Group Creation: For each user, a personal group with the same name is created if it doesn't already exist.

        # Create the user with the personal group
        if ! id -u "$username" >/dev/null 2>&1; then
            useradd -m -g "$username" -s /bin/bash "$username"
            if [ $? -eq 0 ]; then
                log_action "Created user $username with personal group $username"

User Creation: If the user doesn't already exist, the script creates the user account, assigns the personal group, and sets the default shell to bash.

                # Set the user's additional groups
                if [ -n "$groups" ]; then
                    usermod -aG "$groups" "$username"
                    if [ $? -eq 0 ]; then
                        log_action "Added user $username to groups $groups"
                    else
                        log_action "Failed to add user $username to groups $groups"
                    fi
                fi

                # Generate a random password
                password=$(openssl rand -base64 12)
                echo "$username:$password" | chpasswd
                if [ $? -eq 0 ]; then
                    log_action "Set password for user $username"
                    # Save the password only once it has actually been set
                    echo "$username,$password" >> "$password_file"
                else
                    log_action "Failed to set password for user $username"
                fi
            else
                log_action "Failed to create user $username"
            fi
        else
            log_action "User $username already exists"
        fi

Additional Group Assignment: If additional groups are specified, the user is added to these groups.
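Password Management: A random password is generated with openssl rand -base64 12 and set for the user with chpasswd. The username and password are then appended in plain text to the password file, which is protected by its restricted permissions.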
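Because the password file holds plain-text credentials, its protection rests entirely on directory and file modes. The following added example (not part of the original script) creates the store under a restrictive umask, tightens a pre-existing directory or file, refuses a symlink at the target path, and verifies the resulting modes; the function names and the temporary demo path are assumptions.

```shell
# Added example (not from the original script): create and verify the password store.
# init_secret_file and check_mode are hypothetical helper names.
init_secret_file() (
    file=$1
    dir=$(dirname "$file")
    umask 077                        # new directories get 0700, new files 0600
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1       # tighten a directory that already existed
    if [ -L "$file" ]; then          # do not write credentials through a symlink
        echo "refusing to use symlink: $file" >&2
        exit 1
    fi
    : >> "$file" || exit 1           # create if missing, never truncate
    chmod 600 "$file" || exit 1      # tighten a file that already existed
    check_mode "$dir" 'drwx------' && check_mode "$file" '-rw-------'
)

# Succeeds only if the `ls -ld` mode string of $1 starts with $2.
check_mode() {
    case "$(ls -ld "$1")" in
        "$2"*) return 0 ;;
        *) echo "unexpected mode on $1" >&2; return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed path, stands in for /var/secure).
demo_dir=$(mktemp -d)
init_secret_file "$demo_dir/secure/user_passwords.txt" &&
    ls -ld "$demo_dir/secure" "$demo_dir/secure/user_passwords.txt"
rm -rf "$demo_dir"
```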

        # Set home directory permissions
        chmod 700 "/home/$username"
        chown "$username:$username" "/home/$username"
        log_action "Set permissions for /home/$username"
    done < "$user_list_file"

    log_action "Script execution completed."

Home Directory Permissions: The script sets strict permissions on the user's home directory to ensure privacy and security.



Key Features

  1. Group Creation: Ensures all specified groups exist before assigning users to them, preventing errors and ensuring proper group membership.
  2. User Creation: Creates users with personal groups and sets up their home directories with appropriate permissions.
  3. Password Generation: Generates random, secure passwords for new users and stores them securely.
  4. Logging: Logs all actions to a log file for audit purposes and troubleshooting.



Conclusion


This script is a robust solution for managing user accounts in a Linux environment. By automating the creation and management of users and groups, it saves time and reduces the potential for errors.
