How to Automate User Management Using Bash Scripts

Welcome, tech enthusiasts! Today, we're diving into a SysOps adventure with a heartwarming twist. We're going to create a bash script that not only gets the job done but also adds a sprinkle of humor and love to your day. 🌟

The Task

Imagine your company has just hired a bunch of new developers. As the go-to SysOps engineer, your mission (should you choose to accept it) is to write a bash script called create_users.sh. This script will read a text file containing the usernames and group names of these new hires, create users and groups as specified, set up home directories with the right permissions, generate random passwords, and log all actions. Plus, you'll need to store the generated passwords securely. Sounds like a lot? Don't worry, I've got you covered!

The Script

Let's break down the script step by step, with a touch of humor and affection.

#!/bin/bash

# Check if the input file is provided
if [ -z "$1" ]; then
    echo "Usage: $0 <name-of-text-file>"
    exit 1
fi

input_file="$1"
log_file="/var/log/user_management.log"
password_file="/var/secure/user_passwords.csv"

# Ensure log and password directories exist and are secure
mkdir -p /var/log /var/secure
chmod 700 /var/secure
touch "$log_file" "$password_file"
chmod 600 "$password_file"

# Function to generate random password
generate_password() {
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c 12
}

# Read input file line by line
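while IFS=';' read -r username groups || [ -n "$username" ]; do
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)

    # Skip blank lines so groupadd/useradd are never called with an empty name
    [ -z "$username" ] && continue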

    # Create personal group if it doesn't exist
    if ! getent group "$username" >/dev/null; then
        groupadd "$username"
        echo "$(date): Group $username created" >> "$log_file"
    else
        echo "$(date): Group $username already exists" >> "$log_file"
    fi

    # Create user if it doesn't exist
    created=false
    if ! id "$username" >/dev/null 2>&1; then
        useradd -m -g "$username" "$username" && created=true
        echo "$(date): User $username created" >> "$log_file"
    else
        echo "$(date): User $username already exists" >> "$log_file"
    fi

    # Add user to additional groups
    IFS=',' read -ra group_array <<< "$groups"
    for group in "${group_array[@]}"; do
        group=$(echo "$group" | xargs)
        if ! getent group "$group" >/dev/null; then
            groupadd "$group"
            echo "$(date): Group $group created" >> "$log_file"
        fi
        usermod -aG "$group" "$username"
        echo "$(date): User $username added to the group $group" >> "$log_file"
    done

    # Generate, set and store a password, for newly created users only.
    # An existing account keeps its password, so no stale entry is recorded.
    if [ "$created" = true ]; then
        password=$(generate_password)
        echo "$username:$password" | chpasswd
        echo "$username,$password" >> "$password_file"
        echo "$(date): Password for user $username generated and stored" >> "$log_file"
    fi

done < "$input_file"

echo "User creation process completed successfully. Kindly check $log_file for details."

Breaking It Down

Step 1: Check for Input File

First, we check if the user has provided an input file. If not, we gently remind them to do so and exit gracefully. Nobody likes a grumpy script!

if [ -z "$1" ]; then
    echo "Usage: $0 <name-of-text-file>"
    exit 1
fi

Step 2: Setup Logging and Secure Directory

We create the necessary directories and files, ensuring the password file is secure. Because security is not just a feature; it's a love language.

mkdir -p /var/log /var/secure
chmod 700 /var/secure
touch "$log_file" "$password_file"
chmod 600 "$password_file"

Step 3: Generate Random Passwords

Our script includes a function to generate random passwords. A little bit of randomness keeps life exciting, doesn't it?

generate_password() {
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c 12
}

Step 4: Process Each User

We read the input file line by line. Each line has the form username; group1,group2. For each one we create the user's personal group and the user, then add the user to the additional groups. Each action is logged, because transparency builds trust.

while IFS=';' read -r username groups || [ -n "$username" ]; do
    username=$(echo "$username" | xargs)
    groups=$(echo "$groups" | xargs)
    ...

Step 5: Create Users and Groups

If the group or user doesn't exist, we create them and log the action. If they already exist, we log that too—because everyone's contribution is valued.

if ! getent group "$username" >/dev/null; then
    groupadd "$username"
    echo "$(date): Group $username created" >> "$log_file"
else
    echo "$(date): Group $username already exists" >> "$log_file"
fi
...
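
An added example, not part of the original script: every `username; group1,group2` line ends up as an argument to groupadd and useradd running as root, so this sketch parses one line and rejects names that are empty, start with `-`, or contain unexpected characters. The helper names `trim`, `valid_name` and `parse_line` are hypothetical, and the name rule is an assumption (a common Linux default), not something the post specifies.

```bash
# Added example, not from the original script. Assumed name rule (a common
# Linux default): [a-z_][a-z0-9_-]*, at most 32 characters.

# trim STRING: strip leading and trailing whitespace.
trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# valid_name NAME: succeed only if NAME is safe to pass to useradd/groupadd.
valid_name() (
    LC_ALL=C                      # byte-wise ranges, independent of locale
    case "$1" in
        '' | [!a-z_]* | *[!a-z0-9_-]*) exit 1 ;;  # empty, bad first char, bad char
    esac
    [ "${#1}" -le 32 ]
)

# parse_line LINE: print the normalised "user;group1,group2" or fail.
parse_line() (
    line=$1
    user=$(trim "${line%%;*}")
    case "$line" in
        *';'*) rest=$(trim "${line#*;}") ;;
        *)     rest= ;;
    esac
    valid_name "$user" || exit 1
    out=
    set -f; IFS=,                 # split on commas only, no glob expansion
    for g in $rest; do
        g=$(trim "$g")
        valid_name "$g" || exit 1
        out="${out:+$out,}$g"
    done
    printf '%s;%s\n' "$user" "$out"
)
```

In the main loop, a line for which `parse_line` fails would be logged and skipped before any account command runs.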

Step 6: Generate and Store Passwords

We generate a password for each user and store it securely. Because keeping secrets safe is a sign of true friendship.

password=$(generate_password)
echo "$username:$password" | chpasswd   # set the password on the account
echo "$username,$password" >> "$password_file"
echo "$(date): Password for user $username generated and stored" >> "$log_file"
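
An added example, not part of the original script, for the storage described in Steps 2 and 6: `touch` followed by `chmod 600` leaves a short window in which the password file exists with default permissions. The hypothetical helpers `init_secret_store` and `append_secret` create the directory and file under `umask 077` and refuse symlinks; paths are parameters so the functions can be tried on a scratch directory, and `stat -c` assumes GNU coreutils.

```bash
# Added example, not from the original script. Helper names are hypothetical.

# init_secret_store DIR FILE: create DIR (0700) and DIR/FILE (0600) so that
# neither is ever group- or world-accessible, and verify the resulting modes.
init_secret_store() (
    dir=$1; file=$1/$2
    umask 077                              # new files are born private
    [ -L "$dir" ] && exit 1                # the directory must not be a symlink
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1             # tighten a pre-existing directory
    [ -L "$file" ] && exit 1               # never write through a planted symlink
    [ -e "$file" ] || : > "$file" || exit 1
    chmod 600 "$file" || exit 1            # tighten a pre-existing file
    [ "$(stat -c '%a' "$dir")" = 700 ] && [ "$(stat -c '%a' "$file")" = 600 ]
)

# append_secret DIR FILE USER PASSWORD: append one "user,password" CSV row.
append_secret() (
    umask 077
    [ -L "$1/$2" ] && exit 1
    printf '%s,%s\n' "$3" "$4" >> "$1/$2"
)
```

In create_users.sh, `init_secret_store /var/secure user_passwords.csv` would take the place of the `touch`/`chmod` pair for the password file.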

Challenges and Triumphs

Working on this task, I faced a couple of interesting challenges:

  1. Ensuring Secure Storage: Storing passwords securely in /var/secure was crucial. The challenge was to make sure the file permissions were correctly set to prevent unauthorized access. This required careful attention to detail and a thorough understanding of Linux file permissions.

  2. Handling Existing Users and Groups: Managing scenarios where users or groups already existed was another hurdle. The script had to handle these cases gracefully without breaking the flow. It taught me the importance of robust error handling and logging.

  3. Balancing Simplicity and Functionality: Writing a script that is both simple to understand and rich in functionality is an art. It required striking a balance between keeping the code readable and ensuring it meets all requirements.

Despite these challenges, the journey was immensely rewarding. I honed my skills in bash scripting, file handling, user management, and security practices. Plus, adding a bit of humor and love to the process made it all the more enjoyable!

Conclusion

And there you have it—a bash script that creates users, groups, and does it all with a sprinkle of love and humor.

For more information on how to embark on exciting tech adventures like this one, check out the HNG Internship Program here, or find out how to hire talented developers here. The HNG program is a treasure trove of opportunities, and it's open for all to explore.

Happy scripting! 🌟