Azeez In the world of system administration, managing users and groups efficiently is crucial. This article presents a shell script that automates user and group management on Linux systems, making the process seamless and efficient. The script takes in a file which consists of users to be added to a machine and their corresponding groups
Below is a detailed explanation of the shell script:
1. Script Header and Argument Check
#!/bin/bash
# Check if the correct number of arguments is passed
if [ "$#" -lt 1 ]; then
echo "Usage: $0 <filename>"
exit 1
fi
- #!/bin/bash: This line specifies that the script should be run using the Bash shell.
- The script checks if at least one argument is passed (the filename). If not, it prints the usage message and exits with a status of 1, indicating an error that filename is needed which can be either relative or absolute path to the location of the filename. The filename is the file that list all the users and groups. An example file would be given later.
2. Filename Argument and File Existence Check
# The first argument is the filename
filename="$1"
# Check if the file exists
if [ ! -f "$filename" ]; then
echo "File not found: $filename"
exit 1
fi
- filename="$1": Stores the first argument in the filename variable.
- The script checks if the file exists. If not, it prints an error message and exits.
3. Function to Trim Whitespace
# Function to trim leading and trailing whitespace
trim() {
local var="$*"
# Remove leading whitespace
var="${var#"${var%%[![:space:]]*}"}"
# Remove trailing whitespace
var="${var%"${var##*[![:space:]]}"}"
echo -n "$var"
}
- This function removes leading and trailing whitespace from a string.
- local var="$*": Captures all arguments passed to the function.
- var="${var#"${var%%[![:space:]]*}"}": Removes leading whitespace.
- var="${var%"${var##*[![:space:]]}"}": Removes trailing whitespace.
- echo -n "$var": Prints the trimmed string without a newline.
4. Logging and Password File Setup
# Define the file to check
user_mgt_file_path="/var/log/user_management.log"
user_mgt_dir_path=$(dirname "$user_mgt_file_path")
# Check if the directory exists
if [ ! -d "$user_mgt_dir_path" ]; then
# Create the directory if it doesn't exist
mkdir -p "$user_mgt_dir_path"
fi
# Check if the file exists
if [ ! -f "$user_mgt_file_path" ]; then
# Create the file if it doesn't exist
touch "$user_mgt_file_path"
echo "File '$user_mgt_file_path' created."
fi
# Define the file to check
user_pass_file_path="/var/secure/user_passwords.csv"
user_pass_dir_path=$(dirname "$user_pass_file_path")
# Check if the directory exists
if [ ! -d "$user_pass_dir_path" ]; then
# Create the directory if it doesn't exist
mkdir -p "$user_pass_dir_path"
echo "Directory $user_pass_dir_path created..." >> $user_mgt_file_path
fi
# Check if the file exists
if [ ! -f "$user_pass_file_path" ]; then
# Create the file if it doesn't exist
touch "$user_pass_file_path"
echo "File $user_pass_file_path created..." >> $user_mgt_file_path
fi
- Sets up paths for the user management log file and the user passwords CSV file.
- Checks if the directories exist and creates them if they don’t.
- Checks if the files exist and creates them if they don’t, logging the creation actions.
5. Loop Through Each Line in the File
# Loop through each line in the file
while IFS= read -r line; do
# Process each line
# echo "Processing: $line"
- IFS=: Prevents leading/trailing whitespace from being trimmed.
- read -r line: Reads each line of the file into the line variable.
6. Process Each Line: Extract Username and Groups
# Define the username and password
# Trim leading and trailing whitespace
username=$(trim "${line%%;*}")
password=$(LC_CTYPE=C < /dev/urandom tr -dc 'A-Za-z0-9!@#$%&*' | head -c 16)
# Generate a random password
echo "Password generated for user $username" >> $user_mgt_file_path
usergroups=$(trim "${line#*;}")
- username=$(trim "${line%%;*}"): Extracts the username from the line (before the semicolon).
- password=$(LC_CTYPE=C < /dev/urandom tr -dc 'A-Za-z0-9!@#$%&*' | head -c 16): Generates a random 16-character password.
- usergroups=$(trim "${line#*;}"): Extracts the groups (after the semicolon).
7. Split User Groups and Create Groups
# Split the usergroups into an array
IFS=',' read -r -a groups_array <<< "$usergroups"
for i in "${!groups_array[@]}"; do
groups_array[$i]=$(trim "${groups_array[$i]}")
done
# Extract the primary group (first element)
primary_group="${username}"
# Extract the remaining groups
if [ "${#groups_array[@]}" -gt 0 ]; then
additional_groups=$(IFS=,; echo "${groups_array[*]:0}")
else
additional_groups=""
fi
- Splits the usergroups string into an array using commas.
- Trims each group name in the array.
- Sets the primary group to the username.
- Joins additional groups back into a comma-separated string if there are any.
8. Function to Create Groups if They Don’t Exist
# Function to check if a group exists, and create it if it doesn't
create_group_if_not_exists() {
groupname="$1"
if ! getent group "$groupname" > /dev/null 2>&1; then
groupadd "$groupname"
echo "User group '$groupname' created..." >> $user_mgt_file_path
else
echo "User group '$groupname' already exist! Skipping" >> $user_mgt_file_path
fi
}
- This function checks if a group exists using getent group.
- If the group doesn’t exist, it creates the group using groupadd and logs the action.
9. Create Primary and Additional Groups
# Check and create primary group
create_group_if_not_exists "$primary_group"
# Check and create additional groups
for group in "${groups_array[@]}"; do
create_group_if_not_exists "$group"
done
- Calls create_group_if_not_exists to create the primary group and each additional group if they don’t exist.
10. Create User and Set Password
# Check if the group already exists
if ! getent group "$username" > /dev/null 2>&1; then
# Create the group if it doesn't exist
groupadd "$username"
echo "Directory $user_pass_dir_path created..." >> $user_mgt_file_path # TODO
fi
# Check if the user already exists
if id "$username" &>/dev/null; then
echo "User '$username' already exists. Skipping..."
echo "User '$username' already exists. Skipping..." >> $user_mgt_file_path
else
# Create the user with the primary group and additional groups if any
if [ -n "$additional_groups" ]; then
useradd -m -g "$primary_group" -G "$additional_groups" -s /bin/bash "$username"
else
useradd -m -g "$primary_group" -s /bin/bash "$username"
fi
# Create the user with the specified group and set the password
echo "$username:$password" | chpasswd
echo "User '$username' created! Password has also been set for the user" >> $user_mgt_file_path
# Display the created username and password
echo "Password for user '$username' is: $password" >> $user_pass_file_path
# Set the home directory path
home_directory="/home/$username"
# Set permissions and ownership for the home directory
chown "$username:$primary_group" "$home_directory"
chmod 755 "$home_directory"
# Ensure appropriate permissions for additional groups
for group in "${groups_array[@]}"; do
if [ "$group" != "$primary_group" ]; then
chmod g+rx "$home_directory"
setfacl -m "g:$group:rx" "$home_directory"
fi
done
echo "User $username created with home directory $home_directory" >> $user_mgt_file_path
echo "Users created!"
fi
done < "$filename"
- Checks if a group with the username exists and creates it if not.
- Checks if a user with the username exists and skips creation if they do.
- Creates the user with the primary group and additional groups if specified.
- Sets the user’s password.
- Logs the creation actions and stores the password in a CSV file.
- Sets the home directory ownership and permissions.
- Adds read and execute
Here is the full script
#!/bin/bash
# Check if the correct number of arguments is passed
if [ "$#" -lt 1 ]; then
echo "Usage: $0 <filename>"
exit 1
fi
# The second argument is the filename
filename="$1"
# Check if the file exists
if [ ! -f "$filename" ]; then
echo "File not found: $filename"
exit 1
fi
# Function to trim leading and trailing whitespace
trim() {
local var="$*"
# Remove leading whitespace
var="${var#"${var%%[![:space:]]*}"}"
# Remove trailing whitespace
var="${var%"${var##*[![:space:]]}"}"
echo -n "$var"
}
# Define the file to check
user_mgt_file_path="/var/log/user_management.log"
user_mgt_dir_path=$(dirname "$user_mgt_file_path")
# Check if the directory exists
if [ ! -d "$user_mgt_dir_path" ]; then
# Create the directory if it doesn't exist
mkdir -p "$user_mgt_dir_path"
fi
# Check if the file exists
if [ ! -f "$user_mgt_file_path" ]; then
# Create the file if it doesn't exist
touch "$user_mgt_file_path"
echo "File '$user_mgt_file_path' created."
fi
# Define the file to check
user_pass_file_path="/var/secure/user_passwords.csv"
user_pass_dir_path=$(dirname "$user_pass_file_path")
# Check if the directory exists
if [ ! -d "$user_pass_dir_path" ]; then
# Create the directory if it doesn't exist
mkdir -p "$user_pass_dir_path"
echo "Directory $user_pass_dir_path created..." >> $user_mgt_file_path
fi
# Check if the file exists
if [ ! -f "$user_pass_file_path" ]; then
# Create the file if it doesn't exist
touch "$user_pass_file_path"
echo "File $user_pass_file_path created..." >> $user_mgt_file_path
fi
# Loop through each line in the file
while IFS= read -r line; do
# Process each line
# echo "Processing: $line"
# Define the username and password
# Trim leading and trailing whitespace
username=$(trim "${line%%;*}")
password=$(LC_CTYPE=C < /dev/urandom tr -dc 'A-Za-z0-9!@#$%&*' | head -c 16)
# Generate a random password
echo "Password generated for user $username" >> $user_mgt_file_path
usergroups=$(trim "${line#*;}")
# Split the usergroups into an array
IFS=',' read -r -a groups_array <<< "$usergroups"
for i in "${!groups_array[@]}"; do
groups_array[$i]=$(trim "${groups_array[$i]}")
# groups_array[$i]=$(echo "${groups_array[$i]}" | xargs)
done
# Extract the primary group (first element)
primary_group="${groups_array[0]}"
# Extract the remaining groups
if [ "${#groups_array[@]}" -gt 1 ]; then
additional_groups=$(IFS=,; echo "${groups_array[*]:1}")
else
additional_groups=""
fi
# Function to check if a group exists, and create it if it doesn't
create_group_if_not_exists() {
groupname="$1"
if ! getent group "$groupname" > /dev/null 2>&1; then
groupadd "$groupname"
echo "User group '$groupname' created..." >> $user_mgt_file_path
else
echo "User group '$groupname' already exist! Skipping" >> $user_mgt_file_path
fi
}
# Check and create primary group
create_group_if_not_exists "$primary_group"
# Check and create additional groups
for group in "${groups_array[@]}"; do
create_group_if_not_exists "$group"
done
# Check if the group already exists
if ! getent group "$username" > /dev/null 2>&1; then
# Create the group if it doesn't exist
groupadd "$username"
echo "Directory $user_pass_dir_path created..." >> $user_mgt_file_path # TODO
fi
# Check if the user already exists
if id "$username" &>/dev/null; then
echo "User '$username' already exists. Skipping..."
echo "User '$username' already exists. Skipping..." >> $user_mgt_file_path
else
# Create the user with the primary group and additional groups if any
if [ -n "$additional_groups" ]; then
useradd -m -g "$primary_group" -G "$additional_groups" -s /bin/bash "$username"
else
useradd -m -g "$primary_group" -s /bin/bash "$username"
fi
# Create the user with the specified group and set the password
# useradd -m -g "$username" -s /bin/bash "$username"
echo "$username:$password" | chpasswd
echo "User '$username' created! Password has also been set for the user" >> $user_mgt_file_path
# Display the created username and password
echo "Password for user '$username' is: $password" >> $user_pass_file_path
# Set the home directory path
home_directory="/home/$username"
# Set permissions and ownership for the home directory
chown "$username:$primary_group" "$home_directory"
chmod 755 "$home_directory"
# Ensure appropriate permissions for additional groups
for group in "${groups_array[@]}"; do
if [ "$group" != "$primary_group" ]; then
chmod g+rx "$home_directory"
setfacl -m "g:$group:rx" "$home_directory"
fi
done
echo "User $username created with home directory $home_directory" >> $user_mgt_file_path
echo "Users created!"
fi
done < "$filename"
How the Script Works
- Argument Check: The script starts by checking if the correct number of arguments is passed. It expects a filename as an argument.
- File Existence Check: It then checks if the provided file exists.
- Whitespace Trimming Function: A function trim is defined to remove leading and trailing whitespaces from strings.
- Log and Password File Management: The script ensures that the directories and files for logging user management actions and storing user passwords exist.
- Processing the Input File: The script reads the input file line by line, extracting the username and user groups, generating random passwords, and managing user and group creation accordingly.
Using the Script
To use the script, save it to a file, for example, create_users.sh, and make it executable:
chmod +x user_mgmt.sh
Create a file called users.txt. Make sure it is in the same directory as create_users.sh
Here is an example
light; sudo,dev,www-data
idimma; sudo
mayowa; dev,www-data
Run the script with the input file containing user information:
./create_users.sh users.txt
# OR
bash create_users.sh users.txt
Learn More About the HNG Internship
Summary
This script automates a significant part of user and group management, ensuring consistency and saving time for system administrators. The HNG Internship program encourages such practical projects, enhancing the skills of interns through real-world tasks. If you’re interested in joining or hiring from the HNG Internship, visit the links above.
Feel free to ask if you have any questions or need further modifications!
