
I have found a link (Bash script) through which we can create users in Linux. The problem is that none of the users created by this script have SUDO permission (root permissions). Please help: which switches/options can I add, and where, so that when I execute the script below it creates ALL USERS with SUDO permission?

```bash
#!/bin/bash

# NOTE: Be sure to run this script with `sudo`.

# Read user and password (-r keeps backslashes in passwords intact).
while read -r iuser ipasswd; do

  # Just print this for debugging.
  printf "\tCreating user: %s with password: %s\n" "$iuser" "$ipasswd"

  # Create the user with useradd (you can add whichever option you like).
  useradd -m -s /bin/false "$iuser"

  # Assign the password to the user.
  # Password is passed via stdin, *twice* (for confirmation).
  passwd "$iuser" <<< "$ipasswd"$'\n'"$ipasswd"

done < <(paste users.txt passwords.txt)
```
mklement0
  • 3
    There is no such thing as a 'SUDO Permission'. Authorization for the sudo command is defined in the `/etc/sudoers` file and `/etc/sudoers.d` directory, see the `sudoers (5)` manual page. See also https://stackoverflow.com/questions/323957/how-do-i-edit-etc-sudoers-from-a-script for ideas on editing it via script (I'd recommend writing a file to `sudoers.d` instead). – Michael Jaros Apr 19 '21 at 07:18
  • @MalikAdeelImitiaz : I don't understand your question - do you want to know what to do that a user can use `sudo` with this script? In this case this should be asked on [su]. Or do you want to write a script which automatically edits the _sudoers_ file? In this case, we need to see some code from your side. – user1934428 Apr 19 '21 at 09:11
  • @user1934428 thanks for your reply. I just want to know: if I run the above-mentioned script, it creates the users and passwords from the files (user.txt and password.txt) but does not give them SUDO permission. I want the script to give users SUDO permission. – Malik Adeel Imtiaz Apr 19 '21 at 10:05
  • Then follow the advice given in the comment by Michael Jaros, and if anything is still unclear, ask this on [su]. – user1934428 Apr 19 '21 at 10:13
  • @MichaelJaros thanks for your reply. {on ideas on editing it via script (I'd recommend writing a file to sudoers.d instead)}. I would appreciate it if you could share the updated code with me. – Malik Adeel Imtiaz Apr 19 '21 at 10:15
  • 1
    @MalikAdeelImtiaz You can expect people here to help when you are stuck with specific programming questions, but you can't expect them to analyze your situation (e.g. what sudo config do you need), read the docs, and write your code for you. – Michael Jaros Apr 19 '21 at 14:32

1 Answer


The following extends the original code as follows:

  • It specifies a(n additional) group to add users to.

  • That group:

    • can be an existing group that is assumed to already be sudo-enabled, such as the sudo group on Ubuntu.
    • If it doesn't exist, it is created, and sudo-enabled via a dedicated file in directory /etc/sudoers.d/ named for the group - see the code and man sudoers for details.
  • In the user-creation loop, each newly created user is added to that group with usermod:
    sudo usermod <user> -G <group>

    • Note: You should also be able to do this as part of the useradd call.

This should sudo-enable all newly created users.

Note:

  • Providing passwords via plain-text files is a security risk.
  • For an explanation of the techniques used in the user-creation (while) loop, see this answer.
```bash
#!/usr/bin/env bash

# The sudo-enabled user group to add users to.
# Either choose a preexisting one, such as 'sudo' on Ubuntu, or
# specify a new group to create and sudo-enable on demand (see below).
sudoEnabledGroup='foosudo'

# Test if the group exists.
[[ -z $(awk -F: -v g="$sudoEnabledGroup" '$1==g' /etc/group) ]] && groupExists=0 || groupExists=1

# If the group doesn't exist yet, create it on demand and sudo-enable it.
# Note: Deactivate this `if` statement, if the group must already exist.
if (( ! groupExists )); then
  printf "Creating group: %s...\n" "$sudoEnabledGroup"
  # Create the group.
  sudo groupadd "$sudoEnabledGroup" || exit
  # Sudo-enable it, via a dedicated file in directory /etc/sudoers.d/, named for the group.
  # CAUTION: The following enables the MOST PRIVILEGES POSSIBLE for the given
  #          group. See `man sudoers`, section "SUDOERS FILE FORMAT" for details.
  customSudoerFile=/etc/sudoers.d/$sudoEnabledGroup
  printf "... and sudo-enabling it via file %s.\n" "$customSudoerFile"
  sudo sh -c "echo '%$sudoEnabledGroup ALL=(ALL:ALL) ALL' >$customSudoerFile"
fi

# Loop over the user names and passwords from the input files.
usersFile="users.txt"
# CAVEAT: Providing passwords via plain-text file is a SECURITY RISK.
passwdFile="passwords.txt"

printf "Creating users from files '%s' and '%s' and assigning them to group '%s'...\n" "$usersFile" "$passwdFile" "$sudoEnabledGroup"

# -r keeps backslashes in passwords from being interpreted by `read`.
while read -r user passwd; do

  printf "  Creating user: %s...\n" "$user"

  # Create the user.
  sudo useradd -m -s /bin/bash "$user" || exit

  # Add it to the sudo-enabled group designated above.
  sudo usermod "$user" -G "$sudoEnabledGroup" || exit

  # Assign the password to the user.
  # Password is passed via stdin, *twice* (for confirmation).
  # This will print something like the following:
  #   "Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully"
  # You can suppress with 2>/dev/null, but that would also mask true errors.
  sudo passwd "$user" <<< "$passwd"$'\n'"$passwd" || exit

done < <(paste "$usersFile" "$passwdFile")

printf 'Done.\n'
```

mklement0
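A more defensive way to create the `/etc/sudoers.d/` drop-in that the answer writes with `sh -c "echo ..."`, as an added example that is not part of the original answer: it validates the candidate rule with `visudo -cf` before publishing it with mode 0440, and rejects group names that would produce a file sudo ignores. The function names and the `VISUDO` override variable are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names and the VISUDO override are hypothetical.

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so a drop-in named after a group like "ops.admins" is silently ignored.
dropin_name_ok() {
  case $1 in
    ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# Print the sudoers rule for a group. The command spec defaults to ALL
# (full root, as in the answer); pass absolute command paths to grant less.
render_rule() {
  dropin_name_ok "$1" || return 1
  printf '%%%s ALL=(ALL:ALL) %s\n' "$1" "${2:-ALL}"
}

# install_dropin GROUP [CMDS] [DIR]: validate a candidate file, then publish it.
# Runs in a subshell so its variables do not leak into the caller.
install_dropin() (
  group=$1 dir=${3:-/etc/sudoers.d}
  tmp=$(mktemp) || exit 1
  # 1. Render the rule into a scratch file outside the live directory.
  # 2. visudo -cf parses that file only; a missing or failing validator
  #    aborts before anything is installed.
  # 3. Stage under a name containing '.', which sudo ignores, then rename
  #    into place so sudo never reads a half-written file.
  if render_rule "$group" "${2:-ALL}" >"$tmp" &&
     "${VISUDO:-visudo}" -cf "$tmp" >/dev/null 2>&1 &&
     install -m 0440 "$tmp" "$dir/$group.new" &&
     mv -f "$dir/$group.new" "$dir/$group"
  then rc=0; else rc=1; fi
  rm -f "$tmp"
  exit "$rc"
)

# Usage (as root):
#   install_dropin foosudo
#   install_dropin webops '/usr/bin/systemctl restart nginx'
if [ "$#" -gt 0 ]; then install_dropin "$@"; fi
```
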