AHMED ZBYR

AHMED ZBYR

Biker, EV Enthusiast

This script provides a simple way to create users on CentOS/RHEL 6.5 systems from the command line. It allows you to create both normal and sudo (administrator) users with a default password, forcing them to change it upon their first login for security. This is especially useful for automating user provisioning or quickly setting up development environments.

The default password is set to username@123. To enhance security, the chage command is used to ensure users change this default password when they first log in.

Script Breakdown

Here’s a breakdown of the script’s functionality:

  • usage() Function: Displays help information, explaining the script’s usage and available options.

  • create_normal_user() Function: Creates a standard user account.
    • Takes the username as input.
    • Uses useradd to create the user.
    • Sets the default password to username@123 using passwd --stdin. The --stdin option allows piping the password to the passwd command.
    • Forces password change on first login using chage -d 0. The -d 0 option sets the last password change date to 0, effectively forcing a password change.
  • create_sudo_user() Function: Creates a user with sudo privileges.
    • Takes the username as input.
    • Calls create_normal_user() to create the basic user account.
    • Adds the user to the /etc/sudoers file, granting them sudo access. Important: Modifying /etc/sudoers directly can be risky. Consider using visudo for safer editing in production environments.
  • Main Loop: Parses command-line arguments.
    • Uses a while loop and case statement to process options.
    • -s or --sudo-user: Creates a sudo user.
    • -n or --norm-user: Creates a normal user.
    • -h or --help: Displays the usage message.
    • Handles unknown options and displays the usage message.

The Script

	usage() {
	  echo -e "
	usage: $0 <single-parameter>
	  Optional parameters:\n
		 --sudo-user, -s\t\tCreate a sudo User
		 --norm-user, -n\t\tCreate a Normal User.
		 --help,      -h\t\tDisplay this Message.
	  "
	  exit 1
	}

	create_normal_user()
	{
		USRNAME=$1
		#  create user
		useradd $USRNAME
		echo ${USRNAME}@123 | passwd ${USRNAME} --stdin
		
		#  make sure user changes his passwd on first login
		chage -d 0 ${USRNAME}
	}

	create_sudo_user()
	{
		SUDO_USRNAME=$1
		create_normal_user ${SUDO_USRNAME}
		echo -e "${SUDO_USRNAME}\tALL=(ALL)\tALL" >> /etc/sudoers
	}

	while true ; do
	  case "$1" in
		-s)
		  create_sudo_user $2
		  exit 1
		  ;;
		-n)
		  create_normal_user $2
		  exit 1
		  ;;
		--sudo-user)
		  create_sudo_user $2
		  exit 1
		  ;;
		--norm-user)
		  create_normal_user $2
		  exit 1
		  ;;
		-h)
		  usage
		  exit 1
		  ;;
		--help)
		  usage
		  exit 1 
		  ;;
		*)
		  echo "Unknown option: $1"
		  usage
		  exit 1
		esac
	done

How to Use

  1. Save the script: Save the script to a file, for example, create_user.sh.
  2. Make it executable: chmod +x create_user.sh

  3. Run the script as root or with sudo:

    • Create a normal user: ./create_user.sh -n testuser or ./create_user.sh --norm-user testuser
    • Create a sudo user: ./create_user.sh -s adminuser or ./create_user.sh --sudo-user adminuser
    • Get help: ./create_user.sh -h or ./create_user.sh --help

Important Considerations

  • Security: The default password (username@123) is weak and should only be used for initial setup. Never use this script in a production environment without modifying it to generate stronger, random passwords. Consider using a password generation tool and securely storing/communicating the initial password to the user.
  • Error Handling: The script lacks robust error handling. You should add checks to ensure the user is created successfully and that the /etc/sudoers file is updated correctly.
  • visudo: For modifying /etc/sudoers, using visudo is highly recommended. This tool provides syntax checking and prevents accidental corruption of the file. You can adapt the create_sudo_user function to use visudo non-interactively.
  • CentOS/RHEL Version: This script is designed for CentOS/RHEL 6.5. It may require modifications to work correctly on other versions. Systemd based system may not work correctly.
  • Alternatives: Consider using configuration management tools like Ansible, Chef, or Puppet for more robust and scalable user management in production environments. These tools provide features like idempotency, centralized management, and auditing.
  • Logging: Implement logging to track user creation attempts and any errors that occur. This will aid in troubleshooting and auditing.

This script provides a basic foundation for user creation. By addressing the security considerations and adding error handling and other improvements, you can create a more robust and reliable tool for managing users on your CentOS/RHEL systems.

You May Also Enjoy