
Automated User and Group Management in Linux: A Step-by-Step Guide


Introduction

Effective user and group management is essential in maintaining security and operational efficiency within Linux environments. In this guide, we will write a bash script designed to automate the creation and management of users and groups. The aim is to improve system administration processes while ensuring adherence to security best practices.

Task

Your company has employed many new developers. As a SysOps engineer, write a bash script called create_users.sh that reads a text file containing the employees' usernames and group names, where each line is formatted as user;groups.

The script should create users and groups as specified, set up home directories with appropriate permissions and ownership, generate random passwords for the users, and log all actions to /var/log/user_management.log. Additionally, store the generated passwords securely in /var/secure/user_passwords.txt.

Prepare Text File

Before we proceed to write our script, let's create a text file named "user_list.txt".

In this text file, each line holds a username and the user's groups, separated by a semicolon (";").

Write Bash Script

We will create a script called: create_users.sh

Section 1: Path Definition and Permissions Setting

The script begins by defining critical paths for logging and password storage, ensuring the necessary files exist and have appropriate permissions.

The LOG_FILE and PASSWORD_FILE variables store paths to the log file and password storage file, respectively.

mkdir -p ensures that the directories /var/log and /var/secure exist, creating them if they do not.

touch creates the files if they do not exist, and chmod 600 restricts PASSWORD_FILE to read and write by its owner (root) only, so that no other user can read the generated passwords.

Section 2: Random Password Generation Function

The script includes a function to generate strong, random passwords for user accounts.

Section 3.1: Reading the Input File

The script reads the input file line by line, extracting usernames and associated groups from each line.

xargs removes any leading or trailing whitespace from username and groups.

For each user, the script checks if a primary group with the same name as the username exists. If not, it creates the group.

  • Checking Group Existence: getent group "$username" checks if the group already exists.

  • Creating the Group: If the group does not exist, groupadd creates it, and the action is logged.

  • Logging: Actions are logged to LOG_FILE using echo and tee. The | symbol pipes the output of the echo command into tee, which writes it to the log file as well as the terminal.

Section 3.2: Creating the User

The script checks if the user exists and creates the user with the specified groups if not.

  • Checking User Existence: id -u "$username" checks if the user exists.

  • Creating the User: If the user does not exist, useradd creates the user with a home directory (-m) and primary group (-g).

  • Setting Password: A random password is generated and set for the user using chpasswd.

  • Logging: User creation and password settings are logged to LOG_FILE, and passwords are stored securely in PASSWORD_FILE (never in the log).

  • Securing Password File: chown root:root ensures the password file is owned by root.

Section 3.3: Creating Additional Groups

  • For each group, getent group checks if it exists and groupadd creates it if not.

  • usermod -aG adds the user to each additional group.

Section 4: Setting Home Directory Permissions

The script sets the appropriate permissions and ownership for the user's home directory.
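The complete script that Sections 1 to 4 describe, as an added example rather than the article's own code. The timestamped log line format, the "username,password" layout of the password file, the 16-character password length and the /bin/bash login shell are my own assumptions, since the guide does not fix them.

```bash
#!/usr/bin/env bash
# Added example of the create_users.sh described in this guide (not the author's script).
set -eu
LOG_FILE="${LOG_FILE:-/var/log/user_management.log}"              # all actions are appended here
PASSWORD_FILE="${PASSWORD_FILE:-/var/secure/user_passwords.txt}"  # "username,password" per line (assumed layout)
# Log to the terminal and LOG_FILE at once (echo piped into tee, as in the guide).
log() { printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" | tee -a "$LOG_FILE"; }
# 16 random letters/digits drawn from /dev/urandom (length is an assumption).
generate_password() { tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16; }
# Turn one "user;group1,group2" line into "user|group1,group2" with whitespace stripped.
parse_line() {
  local user groups=""
  user="$(printf '%s' "${1%%;*}" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')"
  case "$1" in *\;*) groups="$(printf '%s' "${1#*;}" | tr -d '[:space:]')" ;; esac
  printf '%s|%s\n' "$user" "$groups"
}
# Create the personal group, the user, its password and its extra groups (needs root).
create_user() {
  local username="$1" groups="$2" password group
  getent group "$username" >/dev/null || { groupadd "$username"; log "Created group $username"; }
  if id -u "$username" >/dev/null 2>&1; then
    log "User $username already exists, skipping creation"
  else
    useradd -m -g "$username" -s /bin/bash "$username"
    password="$(generate_password)"
    printf '%s:%s\n' "$username" "$password" | chpasswd
    printf '%s,%s\n' "$username" "$password" >>"$PASSWORD_FILE"   # password goes only here, never into the log
    log "Created user $username with home directory and password"
  fi
  for group in $(printf '%s' "$groups" | tr ',' ' '); do
    getent group "$group" >/dev/null || { groupadd "$group"; log "Created group $group"; }
    usermod -aG "$group" "$username"; log "Added $username to group $group"
  done
  chown "$username:$username" "/home/$username"; chmod 700 "/home/$username"   # Section 4
}
main() {
  [ "$(id -u)" -eq 0 ] || { echo "This script must be run as root" >&2; exit 1; }
  [ -f "${1:-}" ] || { echo "Usage: $0 user_list.txt" >&2; exit 1; }
  mkdir -p /var/log /var/secure
  touch "$LOG_FILE" "$PASSWORD_FILE"
  chown root:root "$PASSWORD_FILE"; chmod 600 "$PASSWORD_FILE"   # passwords readable by root only
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac                      # skip blank and comment lines
    parsed="$(parse_line "$line")"
    create_user "${parsed%%|*}" "${parsed#*|}"
  done <"$1"
}
if [ "$#" -gt 0 ]; then main "$@"; fi   # functions stay sourceable without running main
```

Run it as root with the input file as its only argument; parse_line and generate_password can be exercised by sourcing the file without arguments.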

Make the Script Executable

chmod +x create_users.sh

Run the script with the path to your input file as an argument:

sudo ./create_users.sh user_list.txt

Conclusion

This script effectively automates user and group management based on the contents of an input file, providing detailed logging and secure password handling.