Managing users and groups from scripts

Author: Linux Bash

Mastering User and Group Management in Linux Using Bash Scripts

When administering Linux systems, efficiently managing users and groups is crucial to ensure proper security and operational functionality. For Linux system administrators, especially those managing multiple machines, scripts can save time and reduce the potential for error. In this article, we'll explore how to manage users and groups directly from Bash scripts and provide installation instructions for different package managers, including apt for Debian-based systems, dnf for Fedora-like systems, and zypper for openSUSE.

Fundamental Commands and Concepts

Before diving into scripting, let's first understand the essential commands:

  1. useradd, usermod, and userdel: These commands are used to create, modify, and delete user accounts, respectively.

  2. groupadd, groupmod, and groupdel: Similarly, these commands are for creating, modifying, and deleting groups.

  3. passwd: This command is used to update a user’s password, which is essential for creating active user accounts.

  4. id: Displays user and group information for a given user.

These tools are pre-installed on most Linux distributions; where they are not, they can be installed using the package manager.

Installing Necessary Tools

Depending on your Linux distribution, the installation command varies:

  • Debian-based systems (using apt):

    sudo apt update
    sudo apt install passwd whois
    
  • Fedora-like systems (using dnf):

    sudo dnf install passwd whois
    
  • openSUSE (using zypper):

    sudo zypper install passwd whois
    

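These commands ensure that you have the necessary tools to manage passwords and query user information. On Debian-based systems, the whois package is the one that provides the mkpasswd utility used in the script below.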

Writing the Script for User and Group Management

Below is a simple Bash script to create a user and add them to a group:

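#!/bin/bash

# Script to add a user and assign a group

# Check for root privileges
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" >&2
   exit 1
fi

# Prompt for user and group name
# (-r keeps backslashes literal; IFS= keeps leading/trailing spaces in the password)
read -r -p 'Enter username: ' username
read -r -p 'Enter group name: ' groupname
IFS= read -r -s -p 'Enter password: ' password
echo

# Create new group if it doesn't exist
if ! getent group "$groupname" > /dev/null 2>&1; then
   groupadd "$groupname" || exit 1
fi

# Create new user and add to group
# The password is piped to mkpasswd (from the whois package) on stdin so the
# cleartext never appears in a process listing. The resulting hash is still
# visible in useradd's arguments while useradd runs.
useradd -m -p "$(printf '%s' "$password" | mkpasswd --stdin)" -G "$groupname" "$username" || exit 1

# Set password for the user (chpasswd reads "user:password" from stdin)
printf '%s:%s\n' "$username" "$password" | chpasswd

# Output username and group information
id "$username"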

Script Explanation

  1. Root Check: Ensures the script is run with root privileges, crucial for modifying user and group data.

  2. User Input: Collects the username, group name, and password from the administrator. Note that the password input does not echo back to the screen due to the -s option in read.

  3. Group Creation: Checks if the group already exists and creates it if it does not.

  4. User Creation: The new user is added with a home directory (-m) and an encrypted password (the hash generated by mkpasswd, passed with -p), and is added to the previously specified group as a supplementary group (-G).

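  5. Password Assignment: Sets the user's password with chpasswd, which reads the username:password pair from standard input rather than from its command-line arguments.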

  6. Validation: Outputs the new user's ID, groups, and other information to confirm successful creation.
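The script above passes whatever is typed at the prompts straight to groupadd, useradd and chpasswd. The following pre-flight checks are an added example, not part of the original script; the function names valid_name, valid_password and plan_account are hypothetical, and the naming policy (ASCII lowercase, at most 32 characters) is an assumption chosen here rather than the exact rule any one distribution enforces.

```bash
#!/bin/bash
# Added example: pre-flight checks for the values the script prompts for.
# The naming policy below is an assumption made for this example.
LC_ALL=C   # make a-z in the patterns below mean ASCII letters only

# Succeeds only for conservative account and group names.
valid_name() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case $1 in
        [!a-z_]*)      return 1 ;;  # first char: letter or "_", so no leading "-"
        *[!a-z0-9_-]*) return 1 ;;  # rest: no ":", spaces, "/", uppercase, newlines
    esac
    return 0
}

# chpasswd reads one "user:password" record per line, so an empty password
# or one containing a line break cannot be passed through safely.
valid_password() {
    nl='
'
    cr=$(printf '\r')
    case $1 in
        ''|*"$nl"*|*"$cr"*) return 1 ;;
    esac
    return 0
}

# Dry run: print the commands that would be needed, change nothing.
# Returns 1 for rejected input, 2 if the user already exists.
plan_account() {
    valid_name "$1" || { echo "reject: invalid username"; return 1; }
    valid_name "$2" || { echo "reject: invalid group name"; return 1; }
    if getent passwd "$1" >/dev/null 2>&1; then
        echo "skip: user $1 already exists"
        return 2
    fi
    getent group "$2" >/dev/null 2>&1 || echo "groupadd $2"
    echo "useradd -m -G $2 $1"
}
```

Calling plan_account with the prompted username and group name before the groupadd and useradd steps lets the script stop on a name that starts with a dash or contains a colon, and on a user that already exists.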

Conclusion

Managing users and groups via Bash scripts can streamline system administration tasks significantly. By automating these processes, you can ensure consistency and reduce the margin for error, particularly across large and dynamically changing systems. Always test scripts in a safe environment before deploying them in production to avoid unintended consequences. Whether you're using apt, dnf, or zypper, the foundational principles of Linux user management remain consistent across distributions, making these scripts very portable with minimal modifications.