Bash Script: How to Automate Onboarding Users on Ubuntu Linux.

oayanda

Israel .O. Ayanda

Posted on August 15, 2022


Have you ever faced a simple task that may have five or more steps to complete? Did you have to repeat that same task more than 200 times? This is an example of such scenarios.

CASE STUDY
Imagine you are the System Administrator for a company and your organization has just employed 100 developers. You have been tasked to onboard these new employees. Each employee should have the following:

  • Personal home directory.
  • Added to a developers group.
  • Create an SSH folder and an authorized keys file.
  • Copy their public key to the authorized keys file.
  • Force password change.

I have written a bash script to do just this. This script works for multiple users. It reads a csv file (which could have thousands of users) and creates new users/employees based on the parameters stated in the script.

#!/bin/bash
userfile=$(cat names.csv)
PASSWORD=password

The snippet above introduces the script. #!/bin/bash tells the computer how to interpret the script and where the bash interpreter is located. userfile is a variable (you can use another name, but keep the variable name consistent throughout your script) which holds the contents of a csv file named names.csv (it contains the names of the employees). PASSWORD is a variable which holds password as its value. This is the default password for all the new employees.

The next code snippet ensures the user running this script has root privilege. It checks if the current user ID is equal to 0 (since the root user's default ID value is 0).

if [ "$(id -u)" -eq 0 ]; then

Next, using a for loop, it checks if the username already exists in the system. user is a variable that iterates through the csv file. If it exists, it tells us it exists.

    for user in $userfile;
    do
        echo "$user"
        if id "$user" &>/dev/null
        then
            echo "User Exist"
        else

The script creates the user with a home directory and adds each user to a developers group, which we should have created before running the script.

            useradd -m -d "/home/$user" -s /bin/bash -g developers "$user"
            echo "New User Created"
            echo

This next snippet creates an .ssh folder in the user's home directory.

            su - -c "mkdir ~/.ssh" "$user"
            echo ".ssh directory created for new user"
            echo

Set the user permission for the .ssh directory. 700 protects the directory against any access from other users, while the owning user still has full access.

            su - -c "chmod 700 ~/.ssh" "$user"
            echo "user permission for .ssh directory set"
            echo

This will create an authorized_keys file, which is the location where the public key is stored.

            su - -c "touch ~/.ssh/authorized_keys" "$user"
            echo "Authorized Key File Created"
            echo

We need to set permission for the key file. Permissions of 600 mean that the owner has full read and write access to the file, while no other user can access the file.

            su - -c "chmod 600 ~/.ssh/authorized_keys" "$user"
            echo "user permission for the Authorized Key File set"
            echo

We need to create and set the public key for users on the server. In this example, I have used one public/private key pair, but your use case might be different. Note that Shell is just a directory created to hold all the files (names.csv, the public key and the script file) needed to run the script.
This snippet copies the public key we created to the new user's .ssh directory and names it authorized_keys.

            cp -R "/home/ubuntu/Shell/id_rsa.pub" "/home/$user/.ssh/authorized_keys"
            echo "Copied the Public Key to New User Account on the server"
            echo
            echo

            echo "USER CREATED"

These lines set the user's password to the value of the PASSWORD variable declared at the beginning (password). passwd -e $user then expires it, which forces the user to change his/her password at the next login. Until that first login, every new account shares the same known password.

            sudo echo -e "$PASSWORD\n$PASSWORD" | sudo passwd "$user"
            sudo passwd -e "$user"
        fi
    done
else
    echo "Only Admin Can Onboard A User"
fi

The full script iterates through each name in the csv file until it is completed.
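
A hardened variant of the loop above, as an added example that is not the author's script: it validates each entry of names.csv before it reaches useradd, quotes every expansion, and creates .ssh and authorized_keys with install so owner and mode are set in one command. The login-name policy, the function names and the key-path parameter are assumptions; the password step is left as in the original.

```shell
#!/bin/bash
# Added example (not the author's script). Assumes names.csv holds one
# login name per line and that the developers group already exists.

# Login-name policy (assumption): starts with a-z or _, then a-z 0-9 _ -,
# at most 32 characters. Rejects entries such as "-x", "a b" or "bob;id".
valid_username() {
    local LC_ALL=C
    case $1 in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the entries of file $1 that pass validation, one per line.
# Rejected entries are reported on stderr and skipped.
accepted_users() {
    local line cr
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}              # tolerate CRLF spreadsheet exports
        [ -z "$line" ] && continue
        if valid_username "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# Provision one validated user; must run as root. $2 is the public key file.
onboard_user() {
    local user=$1 pubkey=$2 home
    if id "$user" >/dev/null 2>&1; then
        echo "User Exist: $user"
        return 0
    fi
    useradd -m -s /bin/bash -g developers "$user" || return 1
    home=$(getent passwd "$user" | cut -d: -f6)
    # install creates each path with the requested owner and mode
    install -d -m 700 -o "$user" -g developers "$home/.ssh" &&
    install -m 600 -o "$user" -g developers "$pubkey" "$home/.ssh/authorized_keys"
}

# Usage, as root:
#   accepted_users names.csv | while IFS= read -r u; do
#       onboard_user "$u" /home/ubuntu/Shell/id_rsa.pub
#   done
```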

Check my GitHub for the complete demo and script.

CONCLUSION
Automating repetitive tasks usually helps productivity, increases efficiency and reduces errors.

I hope this helps someone.

Please feel free to share your tips, questions, corrections in the comments!

Thank you for reading!
