Function to generate a random 12-character password

In Linux systems, managing user accounts, permissions, and access control can become quite complex, especially when needing to grant access to specific directories for different users. Automating these tasks is essential to save time and minimize human error. The Bash script below simplifies these tasks by automating user creation, generating secure SSH RSA keys, and setting ACL (Access Control List) permissions for a specific directory. This article walks you through how the script works and how it can be customized for different environments.

Overview of the Script

This Bash script achieves several objectives:

Create a New User: A new user is created with a random 12-character password.
Generate SSH RSA Keys: The script automatically generates a secure 4096-bit RSA key for the user.
Set Directory Permissions: It sets up ACL permissions to provide the user read/execute access to a specific directory.
Create Symlinks: A symbolic link (symlink) is created to give the user easy access to the assigned directory.
Generate and Display Password: The password for the SSH key is generated and displayed at the end.

Let’s break down each step in detail.

Step 1: User Input

read -p "Enter the username you wish to use: " username
read -p "Enter the directory where you want the user to have access (e.g., /path/to/directory): " access_dir
read -p "Enter the symlink name (e.g., images): " symlink_name

The script starts by prompting the user for three inputs:

Username: The name of the new user to be created.
Access Directory: The directory where the user will be granted access. This should be specified fully (e.g., /path/to/directory).
Symlink Name: A human-readable name for the symbolic link in the user's home directory, making access to the directory easier.

Step 2: Creating the User

useradd "$username" && \
chage -m 0 -M 99999 -I -1 -E -1 "$username"

The useradd command creates the new user specified by the username variable. After creating the user, password expiry options are configured using the chage command to ensure the password doesn’t expire by default.

Step 3: Creating the Home Directory

mkdir "/home/$username" && \
chown "$username:$username" "/home/$username"

After the user is created, the script sets up the home directory under /home/$username, then assigns ownership of the directory to the new user.

Step 4: Generating SSH RSA Key

sudo -u "$username" ssh-keygen -t rsa -b 4096 -f "/home/$username/.ssh/$username" -N "$password"

The script generates a 4096-bit RSA key, which is a strong encryption standard. The key is saved in the user’s .ssh directory, and a randomly generated password is assigned to protect the private key.

Step 5: Setting ACL Permissions

setfacl -Rm u:"$username":rx "$access_dir"

ACL permissions allow for more fine-grained control over file and directory access than traditional Unix file permissions. The setfacl command assigns read and execute permissions (rx) to the user for the specified access_dir. This ensures the user can access files in the directory while maintaining necessary security controls.

Step 6: Creating Symlink

ln -s "$access_dir" "/home/$username/$symlink_name" && \
chown "$username:$username" "/home/$username/$symlink_name"

A symbolic link is created in the user’s home directory, pointing to the access_dir. This allows the user to easily navigate to the directory without typing the full path. The script also assigns ownership of the symlink to the user.

Step 7: Verifying Permissions and Outputting Password

getfacl -p "$access_dir"
echo "The RSA key password for user $username is: $password"

Finally, the script displays the ACL permissions on the directory for verification and outputs the generated RSA key password for the user.

Why Use ACL for Directory Permissions?

Using ACLs instead of traditional Unix permissions (chmod) gives more flexibility when managing permissions for multiple users or groups. With ACL, you can provide different levels of access for different users without changing the default group or owner of a directory.

Practical Application

This script is highly useful for system administrators who need to manage multiple users, especially in web hosting environments where each user must have access to a specific website or directory (such as /path/to/directory). By automating user setup and directory permissions, this script saves time and reduces the potential for misconfigurations.

Customization

You can easily adapt the script to fit your environment. For example:

Change the password generation logic if you prefer a different complexity for the passwords.
Modify the permissions granted with setfacl to fine-tune user access, depending on your security needs.

Conclusion

This Bash script is an efficient way to automate the creation of users, generate secure SSH RSA keys, and set ACL permissions for specific directories. By using a combination of commands like useradd, setfacl, and ssh-keygen, system administrators can ensure that users have the appropriate access to directories in a secure and controlled manner.

Full Bash Script

#!/bin/bash

# Function to generate a random 12-character password
generate_password() {
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c 12
}

# Prompt for the username
read -p "Enter the username you wish to use: " username

# Prompt for the access directory
read -p "Enter the directory where you want the user to have access (e.g., /path/to/directory): " access_dir

# Prompt for the symlink name
read -p "Enter the symlink name (e.g., images): " symlink_name

# Generate a random 12-character password
password=$(generate_password)

echo "Creating user $username..."
# Add the user and set password expiry options
useradd "$username" && \
chage -m 0 -M 99999 -I -1 -E -1 "$username" && \
echo "User $username created successfully."

echo "Creating home directory for $username..."
# Create home directory for the user and set ownership
mkdir "/home/$username" && \
chown "$username:$username" "/home/$username" && \
echo "Home directory for $username created successfully."

echo "Generating SSH RSA key for $username..."
# Create the .ssh directory
sudo -u "$username" mkdir -p "/home/$username/.ssh" && \

# Generate SSH RSA key with the generated password, without user prompt
sudo -u "$username" ssh-keygen -t rsa -b 4096 -f "/home/$username/.ssh/$username" -N "$password" && \
echo "SSH RSA key generated successfully for $username."

echo "Setting ACL permissions on $access_dir for $username..."
# Set ACL permissions on the specified directory
setfacl -Rm u:"$username":rx "$access_dir" && \
echo "ACL permissions set successfully on $access_dir."

echo "Creating symlink /home/$username/$symlink_name..."
# Create the symlink in the user's home directory
ln -s "$access_dir" "/home/$username/$symlink_name" && \

# Change ownership of the symlink
chown "$username:$username" "/home/$username/$symlink_name" && \
echo "Symlink /home/$username/$symlink_name created successfully."

echo "Displaying ACLs of $access_dir for verification..."
# Display ACLs of the directory for verification
getfacl -p "$access_dir"

# Output the generated RSA key password
echo "The RSA key password for user $username is: $password"