DEV Community

Rufus Chibuike

Technical Article

Introduction
SysOps engineers must automate user and group management in today's fast-paced technology landscape. This article examines create_users.sh, a comprehensive Bash script that automates user creation, group assignment, and password management on Linux systems.

Script Overview
The create_users.sh script reads a text file containing usernames and group names, creates users with home directories, assigns groups, generates random passwords, and logs every action. The generated credentials are stored in plain text in a file that only the root user can access.

Script Details
Shebang and Root Check

#!/bin/bash

if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root" >&2
    exit 1
fi
The script begins with the shebang line, which specifies the interpreter. It then checks whether it is running as root, since creating users and groups requires root privileges, and exits with an error otherwise.

Log and Password File Initialization
LOG_FILE="/var/log/user_management.log"
PASSWORD_FILE="/var/secure/user_passwords.txt"

mkdir -p /var/secure
chmod 700 /var/secure
echo "User creation script started at $(date)" > "$LOG_FILE"
The log file is initialized (overwriting any previous log), and the /var/secure directory is created if needed and set to mode 700 so that only root can enter it.

Generate Random Passwords
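generate_password() {
    # Keep only alphanumeric bytes from the kernel CSPRNG and take the first 12.
    tr -dc A-Za-z0-9 </dev/urandom | head -c 12
}
The generate_password function reads random bytes from /dev/urandom, uses tr to discard everything except letters and digits, and returns the first 12 characters.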

Reading and Processing the Input File
while IFS=";" read -r username groups; do
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)
The script reads the input file line by line, splitting each line at the semicolon into a username and a group list and trimming surrounding whitespace from both.
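
The echo-into-xargs trimming above fails on names containing quotes or backslashes (xargs interprets them) and on values such as -n (echo treats them as options), and nothing checks the names before they reach useradd. As an added example that is not part of the original script, this parser trims in pure Bash and validates every name; trim, parse_line, NAME_RE and the return codes are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from create_users.sh: parse one "user; group1,group2" line.

# Conservative name pattern (an assumption; align it with your distro's policy).
NAME_RE='^[a-z_][a-z0-9_-]{0,30}$'

# trim VALUE -> prints VALUE without leading/trailing whitespace (no echo, no xargs).
trim() {
    local s=$1
    s="${s#"${s%%[![:space:]]*}"}"   # drop leading whitespace
    s="${s%"${s##*[![:space:]]}"}"   # drop trailing whitespace
    printf '%s' "$s"
}

# parse_line LINE -> prints "username:group1,group2" and returns 0.
# Returns 1 for a blank line (skip it) and 2 for an invalid name (reject it).
parse_line() {
    local LC_ALL=C                   # make [a-z] mean ASCII lowercase only
    local line username groups="" group raw=() clean=()
    line=$(trim "$1")
    [[ -z $line ]] && return 1
    username=$(trim "${line%%;*}")
    [[ $line == *";"* ]] && groups=${line#*;}
    [[ $username =~ $NAME_RE ]] || return 2
    IFS=',' read -ra raw <<< "$groups"
    for group in "${raw[@]}"; do
        group=$(trim "$group")
        [[ -z $group ]] && continue  # tolerate "a,,b" and trailing commas
        [[ $group =~ $NAME_RE ]] || return 2
        clean+=("$group")
    done
    local IFS=,
    printf '%s:%s\n' "$username" "${clean[*]}"
}
```

In the read loop, a return code of 1 would mean skipping the line silently and 2 would mean logging the rejected line to the log file before continuing.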

User and Group Management
    if id "$username" &>/dev/null; then
        echo "User $username already exists, skipping." >> "$LOG_FILE"
        continue
    fi

    groupadd "$username" &>> "$LOG_FILE"
    useradd -m -g "$username" -s /bin/bash "$username" &>> "$LOG_FILE"

Users are created only if they do not already exist. Each user is given a personal group.

Assigning Additional Groups and Setting Passwords
    IFS=',' read -ra ADDR <<< "$groups"
    for group in "${ADDR[@]}"; do
        group=$(echo "$group" | xargs)
        if ! getent group "$group" &>/dev/null; then
            groupadd "$group" &>> "$LOG_FILE"
        fi
        usermod -aG "$group" "$username" &>> "$LOG_FILE"
    done

    password=$(generate_password)
    echo "$username:$password" | chpasswd &>> "$LOG_FILE"
    echo "$username,$password" >> "$PASSWORD_FILE"

Users are added to the specified groups, which are created first if they do not exist. A random password is then generated and set with chpasswd, and the username,password pair is appended in plain text to the password file; only the output of chpasswd goes to the log, not the password itself.

Finalizing Permissions
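done < "$1"   # closes the read loop; assumes the input file is the script's first argument

chmod 600 "$PASSWORD_FILE"
echo "User creation script completed at $(date)" >> "$LOG_FILE"

The script ensures that the password file is only readable by the root user. Because this chmod runs only after every user has been processed, the file relies on the 700 mode of /var/secure for protection while the script is still running.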

Conclusion
This script simplifies user management, ensuring that new employees can be onboarded quickly and securely. Proper logging and secure password storage are vital for maintaining system integrity and security.

For more information about such scripts and internships, explore the HNG Internship Program at https://hng.tech/internship.

Summary
The create_users.sh script automates the process of establishing users, allocating groups, and password management in a secure and fast manner. SysOps engineers can maintain strong and scalable systems by understanding the script's individual components.
