How to Avoid Locking Yourself Out of Linux
Writing bash scripts to automate user account management
“I’ve locked myself out of my VM — I can’t access it!”
It can happen. It happens to every developer at least once in their lifetime.
Let’s find a way to avoid having to start setting up all over again, or purging your entire virtual machine because you’ve been locked out.
It’s common when working with Virtualization there will be a need to manage users and accounts manually but this is not very efficient. Let's write a bash script that can handle authentication for a new User.
We begin by initializing the script as a file that can be accessed by Bash on our machine, using the hashbang !#.
This hashbang will set up the program loader with an instruction to run the program /bin/sh or /bin/bash then pass /path/to/script as the first argument.
Let’s use the following in our own script.
#!/env/bin/bashThis will be at the top of filename.sh , the file we will need to create.
Next, we will write a small bash statement to handle our authentication — like a champ!
It will allow only Users with Permissions from the Sudo Group to make additional Users with the exact same level of access. This will give the new users Sudo Permissions.
# CHECK SUDO USER GROUP ASSOCIATION
if ! [ $(id -u) = 0 ]; then
echo "I am not root! You cannot give sudo power to a new user!"
exit 1
else
echo "You have granted Sudo powers to a New user"
sudo adduser developer
sudo usermod -aG sudo developer
su - developer
fiThus, we’ve now allowed the current user to add a new user named Developer .
Only when this Bash script is ran directly on the machine, will we see these affects.
Thanks to this script being written specifically for users with Sudo permissions you won’t be able to run it correctly unless you use sudo sh ./filename.sh with root permissions. Let’s run it with Sudo and give it a try.
With this new user added to the boot loader of the system you will be asked a few questions to verify their permissions:
Enter the new value, or press ENTER for the defaultFull Name []: Room Number []: Work Phone []:Home Phone []:Other []:
These questions can be entered via the command line prompt/terminal and will be for your own reference.
It’s recommended to save this information for your own records but this can also be skipped by using the Enter key to continue.
Once you’ve filled out these values, you’ll be presented with an option to accept these changes into the bootloader of your system.
Is the information correct? [Y/n] Type Y and hit Enter to proceed with finalizing the new user account.
As you can see in the bash script, we’re calling the Usermod on this new user account. This is because we need to giveSudo permissions to the newly created account. You can leave this command out or modify this line in the script if you don’t want a user to have Sudo permissions.
The script should then hand off the new user account to your bash session via su.
The SU command allows for your current running user to be switched to another user within the same session. Note: a password must be provided in order to swiftly switch to a different user. Without entering a password, the user session will return to the current user and will not switch.
With that said, you have successfully run a script that can create users for you. It also protects you from locking yourself out because you cannot successfully change your own user permissions or alter the state of other users without Sudo permissions already enabled.
Happy coding!
