5:49 - Thursday, 17 April 2014

How Can I Quickly Add A Lot Of Users To An Ubuntu Server From The Command-line?

I’ve just become familiar with basic usage of adduser. I’d like to eliminate the interaction/prompts. Since I’ll be rebuilding this machine often, I’d like to script the process or at worst just copy and paste a complete statement that adds the user to the right group and sets the password in one command.

Something like:
sudo adduser username1 password primarygroup secondarygroup,ternarygroup “full name1″
sudo adduser username2 password primarygroup secondarygroup,ternarygroup “full name2″
sudo adduser username3 password primarygroup secondarygroup,ternarygroup “full name3″
sudo adduser username4 password primarygroup secondarygroup,ternarygroup “full name4″

sudo adduser username999 password primarygroup secondarygroup,ternarygroup “full name999″

Type “man adduser” at a shell prompt. It will give you documentation on how to use adduser. In general, man will give you documentation on any CLI command.

But you really want to use useradd and not adduser.

In short:

useradd -c "Real Name" -m -g primarygroup -G secondarygroup1,secondarygroup2 username

Oh, and if you want to set the password at the same time, you have to pre-encrypt it. I continually rewrite this little program to do Unix-standard salt encryption:

#include #include int main(int argc, char *argv[]) {        char *salt;        if (argc  3) {                fprintf(stderr, "Usage: %s string [salt]n", argv[0]);                exit(1);        } else {                if ( argc == 2 ) {                        salt = argv[1];                } else {                        salt = argv[2];                }                printf("%sn", crypt(argv[1], salt));                exit(0);        }}

With this compiled as crypt, you can then add the option:

-p `crypt password`

Ideally, you don’t ever want to put passwords in a command line, though, as there are multiple places it can show up (ps output, shell history, etc.), none of which are particularly secure.

You can create a file containing the list of usernames, etc., and use the newusers command. It wants the file to look like the format of /etc/passwd with a few exceptions, one is that the password is plain text (newusers encrypts it).

newusers userfile.txt

It doesn’t handle multiple groups, though.

If you need to add that many users and are constantly rebuilding machines then it might warrant using Puppet. That’s a fairly simple recipe in itself and you can expand from there to cover other tasks.

Since it’s ubuntu, the syntax is slightly different. It probably matches debian:

adduser --gecos "Real Name" --gid PRIMARYGROUP USERNAMEusermod -G SECONDARYGROUP1,SECONDARYGROUP2 -p $(openssl passwd -1 -salt shaker "USERPASSWORD") USERNAME

You can record an interactive session of adduser with autoexpect, then create a template where you will substitute usernames etc.

you may want to abstract your users away from /etc/passwd and use LDAP. as an added bonus, you’ll get consistent users across multiple machines. combine this with Puppet and you can sync your NSS/PAM configs across every machine easily.