
Bulk Create Linux Users using Salt

Submitted by on October 9, 2020 – 1:48 pm

Recently I ran into a situation where hundreds of VMs recently built via OpenShift/Ansible automation were missing an important local user account used for security audits. While our automation guys were working on tracking down and fixing the build configuration, I needed to add the account manually.

Luckily for me, we also use SaltStack for ad-hoc tasks: a sort of SSH on steroids, if you will. Automation is great when it works right. When it doesn’t, things get screwed up on a massive scale and may require manual intervention.

So, step one was to generate the hash for the default password used by the missing account:

read -rs p
# type your password here and hit enter
# "$6$" selects SHA-512 crypt; it is followed by a random 16-character salt
h="$(perl -MPOSIX -le 'chomp($p=$ARGV[0]); @i = ("a".."z", "A".."Z", 0..9, ".", "/"); $s .= $i[rand @i] for 1..16; print crypt($p, "\$6\$$s\$");' -- "$p")"
unset p

Now we can use Salt to create the user:

# What the account should look like in /etc/passwd
svcaudit:x:33333:103:System Audit:/home/svcaudit:/bin/bash

# How to add it with Salt
salt --output=txt -L "$(cat server_list.txt)" user.add svcaudit \
  uid=33333 gid=103 groups=sysadmins home=/home/svcaudit shell=/bin/bash \
  fullname="System Audit"

And set the user’s password:

# Use Salt to propagate the hash to the servers on your list
salt --output=txt -L "$(cat server_list.txt)" shadow.set_password svcaudit "$h"
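Two sanity checks for the procedure above, as an added example that is not part of the original post: one rejects an empty or malformed value in `$h` before it is pushed to every server on the list, the other flags servers whose `svcaudit` entry does not match the expected `/etc/passwd` line. The function names, the `cmd.run 'getent passwd svcaudit'` collection step and all sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks around the bulk user creation.
# Function names and all sample data below are constructed for illustration.

# Return 0 only if $1 is shaped like a SHA-512 crypt string:
# $6$<salt, 1-16 chars>$<86-char digest>. An empty value or a crypt()
# failure token such as "*0" is rejected.
valid_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Read "minion: passwd-entry" lines (the shape of salt --output=txt) on stdin
# and print each minion whose entry differs from the expected one in $1.
# A minion where the account is missing has an empty entry and is printed too.
mismatched_minions() {
    awk -v want="$1" '{
        host = $0;  sub(/:.*/, "", host)          # text before the first colon
        entry = $0; sub(/^[^:]*: ?/, "", entry)   # text after "minion: "
        if (entry != want) print host
    }'
}

expected='svcaudit:x:33333:103:System Audit:/home/svcaudit:/bin/bash'

# Constructed stand-ins: a syntactically valid hash (not a real one) and
# output as it could come back from (assumed collection command):
#   salt --output=txt -L "$(cat server_list.txt)" cmd.run 'getent passwd svcaudit'
sample_hash="\$6\$ConstructedSalt1\$$(printf '%086d' 0)"
sample_output='web01: svcaudit:x:33333:103:System Audit:/home/svcaudit:/bin/bash
web02: svcaudit:x:1004:103:System Audit:/home/svcaudit:/bin/bash
web03: '

# Before shadow.set_password: refuse to push a malformed hash.
if valid_sha512_crypt "$sample_hash"; then
    echo "hash format ok"
else
    echo "malformed hash, not pushing" >&2
fi

# After user.add: list the servers that still need attention.
printf '%s\n' "$sample_output" | mismatched_minions "$expected"
```

In the real run, pass `"$h"` to `valid_sha512_crypt` and pipe the Salt output into `mismatched_minions` in place of the constructed samples.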

 
