As a SysOps engineer, managing user accounts and groups efficiently is crucial for maintaining system security and access control. In this article, we’ll explore how to create a Bash script called create_users.sh that reads input from a text file, creates users and groups, sets up home directories, generates random passwords, logs actions, and securely stores passwords.
Prerequisites
Before we dive into the script, make sure you have the following:
- A Linux system (e.g., Ubuntu, CentOS) with Bash installed.
- Basic knowledge of Bash scripting.
The create_users.sh Script
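#!/bin/bash
# Automating user account creation
# Input file (usernames and groups)
input_file="$1"
# Log file
log_file="/var/log/user_management.log"
# Secure password storage file
password_file="/var/secure/user_passwords.txt"
# Create the secure directory and password file, accessible to root only
sudo mkdir -p /var/secure
sudo chmod 700 /var/secure
sudo touch "$password_file"
sudo chmod 600 "$password_file"
# Function to generate a random password
generate_password() {
    # 'openssl rand -base64 12' encodes 12 random bytes as a 16-character password
    openssl rand -base64 12
}
# Read input file line by line (including a last line with no trailing newline)
while IFS=';' read -r username groups || [ -n "$username" ]; do
    # Trim the username and drop the whitespace in "group1, group2"
    username=$(echo "$username" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    groups=$(echo "$groups" | tr -d '[:space:]')
    # Skip blank lines
    [ -z "$username" ] && continue
    # Create groups if they don't exist
    for group in $(echo "$groups" | tr ',' ' '); do
        groupadd "$group" 2>/dev/null || echo "Group $group already exists"
    done
    # Skip existing users so their passwords are not reset
    if id "$username" >/dev/null 2>&1; then
        echo "User $username already exists"
        continue
    fi
    # Create user (-G is passed only when the line lists groups)
    if ! useradd -m ${groups:+-G "$groups"} "$username"; then
        echo "Failed to create user $username"
        continue
    fi
    # Set password
    password=$(generate_password)
    echo "$username:$password" | chpasswd
    # Log actions
    echo "$(date '+%Y-%m-%d %H:%M:%S') - Created user $username with groups: $groups" >> "$log_file"
    # Store password securely
    echo "$username:$password" >> "$password_file"
done < "$input_file"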
Explanation:
Input File ($input_file): The script expects an input file containing lines with the format username; groups. Each user can belong to multiple groups (comma-separated).
Directory Creation: The /var/secure directory must exist before the password file can be written. If it is missing, the script still runs but the passwords are not saved as required. Creating it requires elevated privileges, hence sudo.
Group Creation: The script reads the input file and creates groups (if they don’t exist) using groupadd. Existing groups are skipped, and a message is printed.
User Creation: Users are created using useradd with the specified groups. Existing users are skipped, and a message is printed.
Password Generation: The generate_password function generates random passwords (customize as needed). Passwords are set using chpasswd.
Logging: User creation is logged with a timestamp in $log_file.
Secure Password Storage: Usernames and passwords are stored in $password_file under /var/secure. The records are plain text, so the file and its directory should be accessible to root only.
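The input format described above can be checked before any line reaches useradd, groupadd or chpasswd. The following is an added example, not part of the original script or its repository; the function names and the naming policy (lowercase names of at most 32 characters) are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original script): vet "username; groups" lines
# before any of them reaches useradd, groupadd or chpasswd.
LC_ALL=C; export LC_ALL   # make the a-z ranges below mean ASCII only

# Assumed naming policy: starts with a-z or '_', then a-z, 0-9, '_' or '-',
# at most 32 characters. This also excludes ':', which would corrupt the
# "username:password" records fed to chpasswd and the password file.
valid_name() {
    [ "${#1}" -le 32 ] || return 1
    case $1 in
        '' | [!a-z_]* | *[!a-z0-9_-]*) return 1 ;;
    esac
}

# Trim both ends and the space around commas; interior spaces stay and are rejected.
normalise() {
    printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//; s/[[:space:]]*,[[:space:]]*/,/g'
}

# Prints "username;group1,group2" for a good line; returns 1 otherwise.
# The body is a subshell, so the IFS and 'set -f' changes do not leak out.
parse_user_line() (
    case $1 in *';'*) ;; *) echo "rejected, no ';': $1" >&2; return 1 ;; esac
    user=$(normalise "${1%%;*}")
    group_list=$(normalise "${1#*;}")
    valid_name "$user" || { echo "rejected, bad username: $1" >&2; return 1; }
    case $group_list in *,) echo "rejected, trailing comma: $1" >&2; return 1 ;; esac
    IFS=','; set -f
    for group in $group_list; do
        valid_name "$group" || { echo "rejected, bad group '$group': $1" >&2; return 1; }
    done
    printf '%s;%s\n' "$user" "$group_list"
)

# Constructed sample input: two good lines and three that must be refused.
sample='alice; dev, ops
bob;sudo
root:x; dev
Carol; dev
dave; dev,,ops'

printf '%s\n' "$sample" | while IFS= read -r line; do
    parse_user_line "$line" || true
done
```

Accepted lines are printed in normalised form on standard output and refusals go to standard error, so the output can be redirected to a clean input file for the real run.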
Usage
- Make the script executable: chmod +x create_users.sh
- Run the script with the input file: ./create_users.sh input.txt
This was a stage 1 DevOps Task at HNG. You can check for available roles at HNG here
This entire code is available at https://github.com/Uduakobong-Udombat/user_account_automation_with_bash