A comprehensive, interactive, and highly robust Bash script designed to manage Linux users, groups, security policies, and bulk operations.
Warning
Learning & Demonstration Purposes Only
This script was developed primarily as a personal project to showcase expertise in advanced Bash scripting, file atomicity, and terminal UI automation. It has not been battle-tested in a real-world enterprise environment and should not be used in a production organization without thorough review.
This script has been successfully tested on the following Vagrant boxes:
- Ubuntu 24.04
- RHEL 9
- Debian 12
- Rocky 9
You can take a look at the `Vagrantfile` in this repository.
This project intentionally avoids the standard high-level binaries (such as `useradd` or `usermod`) where possible, opting instead to directly and safely manipulate the system files themselves (`/etc/passwd`, `/etc/shadow`, etc.) to demonstrate a deep understanding of Linux system internals.
To prevent system corruption, the script never edits live configuration files.
- All modifications are performed on temporary copies in `/tmp/`.
- Native `pwck` and `grpck` (in read-only mode) and structural `awk` column checks validate the integrity of the temporary files.
- Only if the files pass all validation checks are they atomically swapped (`mv`) into `/etc/`.
Dry-run mode (`--dry-run`) allows administrators to simulate operations without modifying disk state.
- Intercepts `atomic_commit` and outputs a colorized `diff -u` showing exactly which lines would be changed.
- Safely bypasses destructive commands (e.g., environment provisioning, archiving, directory removal).
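The validate-then-swap flow and the dry-run interception described in the two sections above, as an added example (this is not code from `umc.sh`; apart from `atomic_commit`, the function names, the `DRY_RUN` and `NATIVE_CHECK` variables and the sample records in `demo()` are assumptions made for the illustration). It also adds two checks a practitioner would want: the staged copy is created beside the live file so the final `mv` is a true same-filesystem rename, and the live file's mode and owner are restored before the swap.

```bash
#!/usr/bin/env bash
# Added example (not umc.sh code): stage a copy of a passwd-style file, validate it,
# then either show a dry-run diff or rename it over the live file. The function
# names other than atomic_commit, the DRY_RUN/NATIVE_CHECK variables and the
# sample records in demo() are assumptions made for this illustration.

# Structural check: every line must have exactly N colon-separated fields
# (7 for passwd, 9 for shadow, 4 for group and gshadow). Returns 1 on any bad line.
check_columns() {
    local file="$1" expected="$2"
    awk -F: -v n="$expected" '
        BEGIN { bad = 0 }
        NF != n { bad = 1; printf "%s: line %d has %d fields, expected %d\n", FILENAME, NR, NF, n > "/dev/stderr" }
        END { exit bad }' "$file"
}

# Native consistency checks in read-only mode (-r never writes). Off by default
# here because the demo fixtures have no shadow entries or home directories,
# which pwck reports as problems; set NATIVE_CHECK=1 on a real host.
native_check() {
    case "$1" in
        passwd) pwck -r "$2" ;;
        group)  grpck -r "$2" ;;
        *)      return 0 ;;
    esac
}

# Stage a writable copy *next to* the live file. rename(2) is only atomic within
# one filesystem; a copy in /tmp (often tmpfs) makes mv fall back to copy+unlink.
stage_copy() {
    local live="$1" tmp="$1.umc.$$"
    cp -p "$live" "$tmp" && echo "$tmp"
}

# atomic_commit TMP LIVE FIELDS [KIND]: validate, then diff (dry-run) or swap.
atomic_commit() {
    local tmp="$1" live="$2" fields="$3" kind="${4:-}"
    check_columns "$tmp" "$fields" || { echo "refusing to commit $live: structural check failed" >&2; return 1; }
    if [ "${NATIVE_CHECK:-0}" = "1" ]; then
        native_check "$kind" "$tmp" || { echo "refusing to commit $live: pwck/grpck failed" >&2; return 1; }
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "[dry-run] changes that would be applied to $live (GNU diff --color adds colour):"
        diff -u "$live" "$tmp" || true        # diff exits 1 whenever the files differ
        return 0
    fi
    # Restore the live file's mode and owner (a 0600 copy made under umask 0077
    # would break /etc/passwd, which must stay world-readable), then rename over it.
    chmod "$(stat -c %a "$live")" "$tmp" && chown "$(stat -c %u:%g "$live")" "$tmp" || return 1
    mv -f "$tmp" "$live"
}

# Walk through the flow on constructed data in a scratch directory.
demo() {
    local work tmp
    work=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$work/passwd"
    tmp=$(stage_copy "$work/passwd")
    echo 'bob:x:1001:1001::/home/bob:/bin/sh' >> "$tmp"
    DRY_RUN=1 atomic_commit "$tmp" "$work/passwd" 7 passwd   # prints the unified diff only
    atomic_commit "$tmp" "$work/passwd" 7 passwd             # validated, then renamed into place
    grep -c '' "$work/passwd"                                 # 3 records now
    rm -rf "$work"
}
```

Source the file and call `demo`, or call `stage_copy`/`atomic_commit` on your own files. A structural failure short-circuits before `mv` ever runs, so the live file is untouched either way; in dry-run mode the staged copy is left in place for inspection.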
- Idempotent Backups: Every successful atomic commit triggers a `.tar.gz` backup of the core configuration files to `/var/backups/umc/`.
- Log Rotation: The boot initialization sequence automatically uses `find` to purge backup archives older than 30 days to prevent disk bloat.
- Audit Trails: All actions are logged to the system journal (`journalctl`) using the `logger` utility with appropriate severity levels.
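The backup, rotation and audit-logging steps above, as an added example (not the project's own code; the function names, the directory and retention arguments and the fixture files in `demo()` are assumptions). The backup directory is kept at mode 0700 because the archives contain `shadow` and `gshadow` copies.

```bash
#!/usr/bin/env bash
# Added example (not umc.sh code): timestamped .tar.gz backup of configuration
# files, pruning of archives older than a retention window, and an audit line
# sent to the journal via logger. Function names, the directory and retention
# arguments and the fixture files in demo() are assumptions for this illustration.

# backup_configs DIR FILE...: archive FILEs into DIR/umc-<UTC stamp>.tar.gz and print the path.
backup_configs() {
    local dir="$1" stamp archive; shift
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    archive="$dir/umc-$stamp.tar.gz"
    # The archive holds shadow/gshadow copies, so the directory and archive stay root-only.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; tar -czf "$archive" "$@" ) || return 1
    echo "$archive"
}

# rotate_backups DIR [DAYS]: delete archives whose mtime is older than DAYS (default 30),
# printing each removed path. -mtime +30 means strictly more than 30*24h old.
rotate_backups() {
    local dir="$1" days="${2:-30}"
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 -type f -name 'umc-*.tar.gz' -mtime +"$days" -print -delete
}

# log_audit PRIORITY MESSAGE...: write to syslog/journal (facility.severity, e.g. auth.notice)
# and echo to stderr so the operator sees it even where no logger is installed.
log_audit() {
    local pri="$1"; shift
    if command -v logger >/dev/null 2>&1; then
        logger -t umc -p "$pri" "$*" 2>/dev/null || :
    fi
    printf 'umc[%s]: %s\n' "$pri" "$*" >&2
}

# Constructed walkthrough in a scratch directory, including an artificially old archive.
demo() {
    local work archive
    work=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$work/passwd"
    printf 'root:*:19000:0:99999:7:::\n' > "$work/shadow"
    archive=$(backup_configs "$work/backups" "$work/passwd" "$work/shadow" 2>/dev/null)
    log_audit auth.notice "backup written to $archive"
    touch -t 200001010000 "$work/backups/umc-20000101T000000Z.tar.gz"  # fake year-2000 archive
    rotate_backups "$work/backups" 30          # prints and removes only the old one
    ls "$work/backups"                          # the fresh archive survives
    rm -rf "$work"
}
```

On a real host the arguments would be `/var/backups/umc` and `/etc/passwd /etc/shadow /etc/group /etc/gshadow`; `journalctl -t umc` then shows the audit lines, with the `auth` facility keeping them alongside other account-related events.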
- A polished, cursor-driven terminal user interface utilizing ANSI escape codes (`\033`).
- Reusable UI helper functions (`draw_progress`, `task_status`, `show_success`) that provide staggered, animated feedback during operations.
- Centralized prompt handlers (`prompt_for_existing_user`) handle input sanitization and existence validation loops globally to keep code DRY (Don't Repeat Yourself).
- User Actions: Provision environments (create users, `skel` copy, `chown`, `chmod 700`, SELinux `restorecon`), change shells, migrate home directories, reset passwords (via `openssl passwd -6`), lock/unlock accounts, set expirations, and securely deploy SSH keys.
- Group Actions: Create groups, manage group membership across both the `group` and `gshadow` files, and safely assign passwordless `sudo` privileges via `/etc/sudoers.d/`.
- Security & Audit: Enforce `login.defs` password complexity, perform global audits (identifying unauthorized `UID 0` or empty-password accounts), and scan `/home/` directories for permission violations or orphaned owners.
- Bulk Operations: Perform batch imports from CSV/JSON formats, generate user list reports, and clean up orphaned home directories.
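The Security & Audit checks listed above, as an added example (not the project's code; function names and the constructed records in `demo()` are assumptions). Each function takes the file or directory to inspect as an argument, so the same code runs against `/etc` and `/home` on a host or against fixtures in a test.

```bash
#!/usr/bin/env bash
# Added example (not umc.sh code): the audit checks described above, written as
# functions over passwd/shadow/login.defs-style files and a home directory so they
# can be run against /etc and /home or against fixtures. Function names and the
# constructed records in demo() are assumptions for this illustration.

# Accounts with UID 0 other than root: any extra superuser is worth an alert.
find_uid0_accounts() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Accounts whose shadow hash field is empty, i.e. no password is required at all.
# Locked markers ("!" or "*") are non-empty and are deliberately not reported.
find_empty_password_accounts() { awk -F: '$2 == "" { print $1 }' "$1"; }

# login_defs_get FILE KEY: value of KEY (last occurrence wins, comments ignored); 1 if absent.
login_defs_get() {
    awk -v key="$2" 'BEGIN { found = 0 }
        $1 == key { val = $2; found = 1 }
        END { if (found) print val; exit !found }' "$1"
}

# check_min_length DEFS PASSWORD: enforce PASS_MIN_LEN from DEFS (assumed fallback of 8 if unset).
check_min_length() {
    local defs="$1" pw="$2" min
    min=$(login_defs_get "$defs" PASS_MIN_LEN) || min=8
    [ "${#pw}" -ge "$min" ]
}

# find_home_violations HOME: top-level directories that are group/world accessible
# or whose owner no longer exists in the passwd database (-nouser).
find_home_violations() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \( -nouser -o -perm /077 \)
}

# Constructed fixtures: a second UID-0 account, an empty hash, and a 750 home directory.
demo() {
    local work
    work=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\ntoor:x:0:0::/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n' > "$work/passwd"
    printf 'root:$6$salt$hash:19000:0:99999:7:::\nalice::19000:0:99999:7:::\nbob:!:19000:0:99999:7:::\n' > "$work/shadow"
    printf '# minimum acceptable length\nPASS_MIN_LEN 12\n' > "$work/login.defs"
    mkdir -p "$work/home/alice" "$work/home/bob"
    chmod 700 "$work/home/alice"; chmod 750 "$work/home/bob"
    echo "UID 0 accounts besides root: $(find_uid0_accounts "$work/passwd")"          # toor
    echo "Empty-password accounts:     $(find_empty_password_accounts "$work/shadow")" # alice
    check_min_length "$work/login.defs" 'short' || echo "'short' rejected by PASS_MIN_LEN"
    echo "Home violations: $(find_home_violations "$work/home")"                       # .../home/bob
    rm -rf "$work"
}
```

`-perm /077` is GNU `find` syntax (any group or other bit set); `-nouser` is the portable way to spot a home directory whose owning account has been deleted, which is exactly the orphan case the cleanup feature targets.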
Run the script with root privileges (enforced on boot):

```bash
# Launch the interactive console
sudo ./umc.sh

# Launch the console in Dry Run mode to preview changes
sudo ./umc.sh --dry-run
```

The script follows a monolithic, procedural architecture:
- Boot Checks: Enforces a `0077` umask, checks `EUID == 0`, identifies the host OS, checks for active file locks (`/var/lock/umc.lock`), and rotates old backups.
- Helper Library: Contains the UI framework, prompt standardizations, system logging functions, and the core `atomic_commit` logic.
- Sub-Modules: `USER_ACTIONS`, `GROUP_ACTIONS`, `SECURITY_AND_AUDIT`, `BULK_OPERATION`, and `SYSTEM_LOGS`.
- Main Loop: Evaluates user input and routes to the appropriate sub-module.
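The boot-check stage above (root check, restrictive umask, lock file, OS identification), as an added example that is not the project's code; the function names, the lock-file argument and the os-release fixture in `demo()` are assumptions. The lock is created with `set -C` (noclobber, i.e. `O_EXCL`) so two instances cannot both win, and a lock left behind by a crashed run is reclaimed instead of blocking forever.

```bash
#!/usr/bin/env bash
# Added example (not umc.sh code): boot-time guards for a root-only management
# script: a root check, a restrictive umask, a PID lock file that survives crashes
# without blocking forever, and distro detection from os-release. Function names,
# the lock-file argument and the os-release fixture in demo() are assumptions.

# require_root [UID]: refuse to continue unless the effective UID is 0.
# (The optional argument exists only so the check can be exercised as a non-root user.)
require_root() {
    [ "${1:-$(id -u)}" -eq 0 ] || { echo "this tool must run as root" >&2; return 1; }
}

# Files created from here on are owner-only (0600/0700), whatever the caller's umask was.
harden_umask() { umask 0077; }

# acquire_lock PATH: create PATH exclusively (noclobber gives O_EXCL, so two instances
# cannot both win) and record our PID. A lock whose PID is no longer alive is reclaimed.
# Note: kill -0 also fails with EPERM on another user's process, which is why the
# liveness test is only trustworthy when the script really runs as root.
acquire_lock() {
    local lock="$1" owner
    if ( set -C; printf '%d\n' "$$" > "$lock" ) 2>/dev/null; then return 0; fi
    owner=$(cat "$lock" 2>/dev/null)
    if [ -n "$owner" ] && kill -0 "$owner" 2>/dev/null; then
        echo "another instance (pid $owner) holds $lock" >&2
        return 1
    fi
    echo "reclaiming stale lock $lock (pid ${owner:-?} is gone)" >&2
    rm -f "$lock" && ( set -C; printf '%d\n' "$$" > "$lock" ) 2>/dev/null
}
release_lock() { rm -f "$1"; }

# detect_os [FILE]: the ID= field of os-release (ubuntu, debian, rhel, rocky, ...).
detect_os() {
    local file="${1:-/etc/os-release}"
    [ -r "$file" ] || { echo unknown; return 1; }
    sed -n 's/^ID=//p' "$file" | tr -d '"' | head -n 1
}

# Constructed walkthrough: lock, refused re-lock, stale-lock reclaim, OS detection.
demo() {
    local work dead
    work=$(mktemp -d)
    harden_umask
    acquire_lock "$work/umc.lock" && echo "lock held by pid $(cat "$work/umc.lock")"
    acquire_lock "$work/umc.lock" || echo "second attempt correctly refused"
    sleep 0 & dead=$!; wait "$dead"            # a PID that is guaranteed to be gone
    echo "$dead" > "$work/umc.lock"
    acquire_lock "$work/umc.lock" && echo "stale lock reclaimed"
    release_lock "$work/umc.lock"
    printf 'NAME="Rocky Linux"\nID="rocky"\nID_LIKE="rhel centos fedora"\n' > "$work/os-release"
    echo "detected: $(detect_os "$work/os-release")"   # rocky
    rm -rf "$work"
}
```

In the real script the lock path would be `/var/lock/umc.lock` and `release_lock` would be registered with `trap ... EXIT` so the lock is dropped even when a run is interrupted.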