Once in a while, you may need to create local users in bulk on a standalone Linux machine. A typical scenario we often face is creating an SFTP server for external users to upload files. Of course, you can solve this with central authentication like LDAP and Active Directory, but this is a more elaborate process and may not fit everyone’s need. In this post, we will create a simple Bash script that will allow us to create local Linux users in bulk.
Script Inputs
We will have the credentials stored in a CSV file with a name credentials.csv. The format of the CSV file is quite simple:
user1,password1 user2,password2 user3,password3 ...
Each line in the file represents the credentials of a new user. We will separate the username and the password with a comma. Keep in mind that in this case, you cannot have a comma in the password because this will break the script.
Reading User Credentials from a CSV
The process we will use to read the credentials from the CSV file will include two steps.
Read the Lines from the CSV File Into an Array
To read the credentials into an array, we can use the read shell command. Before we read the lines from the file though, we need to set the internal field separator (IFS) to the new line character (\n). Here is how to read the CSV lines into an array:
ORIGINAL_IFS=$IFS IFS=$'\n' read -d '' -ra credentials < credentials.csv IFS=$ORIGINAL_IFS
The -d option for the read command is important. If you don’t include it, only the first line of the file will be read. The -r option makes sure that bachslashis not considered an escape char while the -a instructs the command to use indexed array with the specified name. For more details of the read command, see https://ss64.com/bash/read.html. Line 01 and line 04 above preserve the original field separator.
Split Every Line Into Username and Password Variables
The second step is to split every line with credentials into two variables: iuser and ipasswd. For this, we first will need to set the internal field separator to comma (,). Then, we can use read again to split the credentials in separate variables. Here is how this is done for a single array entry:
ORIGINAL_IFS=$IFS
IFS=","
read iuser ipasswd <<< "${lines[0]}"
IFS=$ORIGINAL_IFS
Of course, we need to iterate over all elements of the array using a loop. We will come to that later.
Creating Users and Setting Passwords
We will use the built-in command for creating users. In the case of Ubuntu, we can use useradd. Normally useradd prompts you for the password using the interactive prompt. To avoid the interactive prompt, we will echo the password and pipe the input to the passwd command. Here is how to do that:
useradd -m $iuser echo "$ipasswd"$'\n'"$ipasswd" | passwd $iuser
The -m option for the useradd command above instructs the command to create a home directory for the user.
Putting It All Together
As mentioned above, we need to iterate over all credentials to create the users. Here is how to do that:
for credential in "${credentials[@]}"
do
read iuser ipasswd <<< "$credential"
# create the user
done
And here is the complete script that creates the users:
#!/bin/bash
# Preserve the original field separator
ORIGINAL_IFS=$IFS
# Change the field separator to the new line character
IFS=$'\n'
# Read the lines with crednetials from the CSV file
read -d '' -ra credentials < ./credentials.csv
# Change the file separtor to a comma
IFS=','
# Iterate over the credentials
for credential in "${credentials[@]}"
do
# Split the credentials into two separate variables
read iuser ipasswd <<< "$credential"
# Create the user
useradd -m $iuser
# Set the password
echo "$ipasswd"$'\n'"$ipasswd" | passwd $iuser
done
# Return the original field separator
IFS=$ORIGINAL_IFS
The above script shows you the necessary steps to read credentials from a CSV file and create users on Linux. Keep in mind that the script it not very advanced and you can add a lot of improvements to it. Few things that you can add are error handling, help how to run the script as well as a way to run the script remotely. We will explain some of those in one of our future posts.
You must log in to post a comment.