

#44 Adding Users to the System

If you're responsible for managing a network of Unix or Linux systems, you've already experienced the frustration caused by subtle incompatibilities among the different operating systems in your dominion. Some of the most basic administration tasks prove to be the most incompatible across different flavors of Unix, and chief among these tasks is user account management. Rather than have a single command-line interface that is 100 percent consistent across all Unix flavors, each vendor has developed its own graphical interface for working with the peculiarities and quirks of its own Unix.

The Simple Network Management Protocol (SNMP) was, ostensibly, supposed to help normalize this sort of thing, but managing user accounts is just as difficult now as it was a decade ago, particularly in a heterogeneous computing environment. As a result, a very helpful set of scripts for a system administrator includes a version of adduser, deleteuser, and suspenduser that can be customized for your specific needs and then easily ported to all your Unix systems.

Mac OS X is the odd OS out!  

Mac OS X is an exception to this rule, with its reliance on an account database called NetInfo. Versions of these tools for Mac OS X are presented in Chapter 11.

On a Unix system, an account is created by adding a unique entry to the /etc/passwd file, an entry consisting of a one- to eight-character account name, a unique user ID, a group ID, a home directory, and a login shell for that user. Modern Unix systems store the encrypted password value in /etc/shadow, so an entry must be added to that file too, and finally the account needs to be listed in the /etc/group file, with the user either as his or her own group (a more recent strategy implemented in this script) or as part of an existing group.

The Code

 #!/bin/sh

 # adduser - Adds a new user to the system, including building their
 #           home directory, copying in default config data, etc.
 #           For a standard Unix/Linux system, not Mac OS X.

 pwfile="/etc/passwd"
 shadowfile="/etc/shadow"
 gfile="/etc/group"
 hdir="/home"

 if [ "$(whoami)" != "root" ] ; then
   echo "Error: You must be root to run this command." >&2
   exit 1
 fi

 echo "Add new user account to $(hostname)"
 echo -n "login: "     ; read login

 # Adjust '5000' to match the top end of your user account namespace
 # because some system accounts have uid's like 65535 and similar.

 uid="$(awk -F: '{ if (big < $3 && $3 < 5000) big=$3 } END { print big + 1 }' $pwfile)"
 homedir="$hdir/$login"

 # We are giving each user their own group, so gid=uid
 gid=$uid

 echo -n "full name: " ; read fullname
 echo -n "shell: "     ; read shell

 echo "Setting up account $login for $fullname..."

 # Quoted so that the "*" and any spaces in the values are written literally
 echo "${login}:x:${uid}:${gid}:${fullname}:${homedir}:$shell" >> $pwfile
 echo "${login}:*:11647:0:99999:7:::" >> $shadowfile

 echo "${login}:x:${gid}:$login" >> $gfile

 mkdir "$homedir"
 cp -R /etc/skel/.[a-zA-Z]* "$homedir"
 chmod 755 "$homedir"
 find "$homedir" -print | xargs chown "${login}:${login}"

 # Setting an initial password
 passwd "$login"

 exit 0

How It Works

The coolest single line in this script contains the snippet

 awk -F: '{ if (big < $3 && $3 < 5000) big=$3 } END { print big + 1 }' $pwfile

This scans through the /etc/passwd file, ascertaining the largest user ID currently in use that's less than the highest allowable user account value (adjust this for your configuration preferences) and then adding 1 to it for the new account user ID. This saves the admin from having to remember what the next available ID is, and it also offers a high degree of consistency in account information as the user community evolves and changes.
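The same scan run against a constructed passwd file, as an added example that is not from the book; the function name next_uid and the sample entries are assumptions. It also handles one case the original line does not: when UID 4999 is in use the line prints 5000, and because 5000 is outside the scanned range every later account would be given 5000 again, so the function refuses instead.

```shell
#!/bin/sh
# next_uid FILE [CEILING]: print one more than the highest UID in FILE that is
# below CEILING (default 5000, as in the script). Hypothetical helper name.
next_uid()
{
  nu_max="${2:-5000}"
  nu_uid="$(awk -F: -v max="$nu_max" '
    # Skip entries whose third field is not a plain number.
    $3 ~ /^[0-9]+$/ && $3 + 0 < max && $3 + 0 > big { big = $3 + 0 }
    END { print big + 1 }' "$1")" || return 1

  # Refuse to hand out the ceiling itself: that UID is outside the scanned
  # range, so the next run would compute the same value again.
  if [ "$nu_uid" -ge "$nu_max" ] ; then
    echo "next_uid: no free UID below $nu_max" >&2
    return 1
  fi
  echo "$nu_uid"
}

# Constructed sample passwd file; entries are deliberately not sorted by UID.
sample="$(mktemp)"
trap 'rm -f "$sample"' EXIT
cat > "$sample" << 'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Nobody:/nonexistent:/usr/sbin/nologin
tintin:x:1001:1001:Tintin:/home/tintin:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
haddock:x:1000:1000:Captain Haddock:/home/haddock:/bin/bash
EOF

# The nobody entry (65534) is above the ceiling and is ignored.
next_uid "$sample"
```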

Once the account is created, the new home directory is created and the contents of the /etc/skel directory are copied to the home directory. By convention, the /etc/skel directory is where a master .cshrc, .login, .bashrc, and .profile are kept, and on sites where there's a web server offering ~account service, a directory like /etc/skel/public_html would also be copied across to the new home directory, alleviating many "Where do I create my new website?" questions.

Running the Script

This script must be run by root and has no starting arguments.

The Results

Because my system already has an account named tintin, it's helpful to ensure that snowy has his own account too: [1]

 $ sudo adduser
 Add new user account to aurora
 login: snowy
 full name: Snowy the Dog
 shell: /bin/bash
 Setting up account snowy for Snowy the Dog...
 Changing password for user snowy.
 New password:
 Retype new password:
 passwd: all authentication tokens updated successfully.

Hacking the Script

One significant advantage of using your own adduser script is that you can also add code and change the logic of certain operations without worrying about an OS upgrade stepping on the modifications. Possible modifications include automatically sending a "welcome" email that outlines usage guidelines and online help options, automatically printing out an account information sheet that can be routed to the user, adding a firstname_lastname or firstname.lastname alias to the mail aliases file, or even copying into the account a set of files so that the owner can immediately begin to be productive on a team project.
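One more modification, shown as an added example that is not from the book: check the three values the script reads before appending them, because /etc/passwd fields are colon-separated (a colon inside a value shifts every later field) and the account name must be unique. The function names, the login character policy and the use of an /etc/shells-style list are assumptions; the sample files are constructed.

```shell
#!/bin/sh
# Added example: checks on the values adduser reads, before anything is written.

# valid_login NAME PWFILE: one to eight characters and not yet in PWFILE.
# The character set (a-z first, then a-z 0-9 _ -) is an assumed site policy.
valid_login()
{
  case "$1" in
    ""|?????????*)  return 1 ;;   # empty, or more than eight characters
    [!a-z]*)        return 1 ;;   # must start with a lowercase letter
    *[!a-z0-9_-]*)  return 1 ;;   # also rules out ":" and whitespace
  esac
  ! grep -q "^$1:" "$2"           # safe: $1 has no regex metacharacters
}

# valid_gecos TEXT: non-empty and free of ":", the passwd field separator.
valid_gecos()
{
  case "$1" in
    ""|*:*) return 1 ;;
  esac
}

# valid_shell PATH SHELLS: absolute path listed verbatim in SHELLS.
valid_shell()
{
  case "$1" in
    /*) grep -qxF -- "$1" "$2" ;;
    *)  return 1 ;;
  esac
}

# check_account LOGIN FULLNAME SHELL: print "ok" or the first value refused.
check_account()
{
  valid_login "$1" "$pw"      || { echo "bad login" ; return 1 ; }
  valid_gecos "$2"            || { echo "bad full name" ; return 1 ; }
  valid_shell "$3" "$sh_list" || { echo "bad shell" ; return 1 ; }
  echo "ok"
}

# Constructed sample files standing in for /etc/passwd and /etc/shells.
pw="$(mktemp)" ; sh_list="$(mktemp)"
trap 'rm -f "$pw" "$sh_list"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'tintin:x:1001:1001:Tintin:/home/tintin:/bin/bash' > "$pw"
printf '%s\n' '# list of valid login shells' '/bin/sh' '/bin/bash' > "$sh_list"

check_account snowy  "Snowy the Dog" /bin/bash
check_account tintin "Tintin"        /bin/bash || true   # name already taken
```

In adduser itself the same three calls would follow the prompts, run against $pwfile and /etc/shells, with the script exiting on the first failure.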

[1] Wondering what on earth I'm talking about here? It's The Adventures of Tintin, by Hergé, a wonderful series of illustrated adventures from the middle of the 20th century. See http://www.tintin.com/




Wicked Cool Shell Scripts. 101 Scripts for Linux, Mac OS X, and Unix Systems
ISBN: 1593270127
EAN: 2147483647
Year: 2004
Pages: 150
Authors: Dave Taylor
