Update create-user.sh

create-user.sh

@@ -1,57 +1,74 @@
 #!/bin/bash
 
 echo "== Flexible User Creation Script =="
-echo
 
-read -p "Username to create (required): " USERNAME </dev/tty
+# Prompt for username
-if [[ -z "$USERNAME" ]]; then
+printf "Username to create (required): "
+IFS= read -r NEWUSER_NAME </dev/tty
+if [[ -z "$NEWUSER_NAME" ]]; then
     echo "Error: Username is required."
     exit 1
 fi
 
-read -p "Paste the SSH public key: " PUBKEY </dev/tty
+# Prompt for SSH public key
-if [[ -z "$PUBKEY" ]]; then
+printf "Paste the SSH public key: "
+IFS= read -r NEWUSER_PUBKEY </dev/tty
+if [[ -z "$NEWUSER_PUBKEY" ]]; then
     echo "Error: Public key is required."
     exit 1
 fi
 
-read -p "Comma-separated groups to add (e.g. sudo,docker): " GROUPS </dev/tty
+# Prompt for group(s)
+printf "Comma-separated groups to add (e.g. sudo,docker): "
+IFS= read -r NEWUSER_GROUPS </dev/tty
 
-# DEBUG LINE
+# Create user if needed
-echo "[DEBUG] Raw GROUPS value: '$GROUPS'"
+if id "$NEWUSER_NAME" &>/dev/null; then
-
+    echo "[*] User '$NEWUSER_NAME' already exists. Skipping creation."
-# Create the user if not exists
-if id "$USERNAME" &>/dev/null; then
-    echo "[*] User '$USERNAME' already exists. Skipping creation."
 else
-    echo "[+] Creating user: $USERNAME"
+    echo "[+] Creating user: $NEWUSER_NAME"
-    useradd -m -s /bin/bash "$USERNAME"
+    useradd -m -s /bin/bash "$NEWUSER_NAME"
 fi
 
-# Add user to groups if any were entered
+# Add to groups (if provided)
-if [[ -n "$GROUPS" ]]; then
+if [[ -n "$NEWUSER_GROUPS" ]]; then
-    echo "[+] Adding $USERNAME to groups: $GROUPS"
+    echo "[+] Adding $NEWUSER_NAME to groups: $NEWUSER_GROUPS"
-    usermod -aG "$GROUPS" "$USERNAME"
+    usermod -aG "$NEWUSER_GROUPS" "$NEWUSER_NAME"
 fi
 
-# Setup SSH
+# Optional: ask for passwordless sudo if 'sudo' is included
-SSH_DIR="/home/$USERNAME/.ssh"
+if [[ "$NEWUSER_GROUPS" == *sudo* ]]; then
-AUTHORIZED_KEYS="$SSH_DIR/authorized_keys"
+    printf "Allow passwordless sudo for this user? [y/N]: "
-mkdir -p "$SSH_DIR"
+    IFS= read -r NEWUSER_SUDO_NOPASS </dev/tty
-touch "$AUTHORIZED_KEYS"
+    if [[ "$NEWUSER_SUDO_NOPASS" =~ ^[Yy]$ ]]; then
-chmod 700 "$SSH_DIR"
+        echo "[+] Enabling passwordless sudo for $NEWUSER_NAME"
-chmod 600 "$AUTHORIZED_KEYS"
+        echo "$NEWUSER_NAME ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/$NEWUSER_NAME"
-chown -R "$USERNAME:$USERNAME" "$SSH_DIR"
+        chmod 440 "/etc/sudoers.d/$NEWUSER_NAME"
+    else
+        echo "[*] Skipping passwordless sudo."
+    fi
+fi
 
-# Add SSH key if not present
+# Setup SSH access
-if grep -Fxq "$PUBKEY" "$AUTHORIZED_KEYS"; then
+NEWUSER_HOME="/home/$NEWUSER_NAME"
+NEWUSER_SSH_DIR="$NEWUSER_HOME/.ssh"
+NEWUSER_AUTH_KEYS="$NEWUSER_SSH_DIR/authorized_keys"
+
+mkdir -p "$NEWUSER_SSH_DIR"
+touch "$NEWUSER_AUTH_KEYS"
+chmod 700 "$NEWUSER_SSH_DIR"
+chmod 600 "$NEWUSER_AUTH_KEYS"
+chown -R "$NEWUSER_NAME:$NEWUSER_NAME" "$NEWUSER_SSH_DIR"
+
+# Add key if not already present
+if grep -Fxq "$NEWUSER_PUBKEY" "$NEWUSER_AUTH_KEYS"; then
     echo "[*] Public key already present. Skipping."
 else
-    echo "$PUBKEY" >> "$AUTHORIZED_KEYS"
+    echo "$NEWUSER_PUBKEY" >> "$NEWUSER_AUTH_KEYS"
     echo "[+] Public key added."
 fi
 
 echo
-echo "[✓] User '$USERNAME' setup complete."
+echo "[✓] User '$NEWUSER_NAME' setup complete."
-[[ -n "$GROUPS" ]] && echo "[✓] Groups added: $GROUPS"
+[[ -n "$NEWUSER_GROUPS" ]] && echo "[✓] Groups added: $NEWUSER_GROUPS"
 echo "[✓] SSH access configured."