Adding Users to Sudoers Through Shell Script

Adding users to sudoers through shell script

You could simply echo (with elevated privileges, of course) directly to the /etc/sudoers file:

sudo -i
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers
#             ^^
#             tab

(note the tab character between the username and the first ALL)

Or, for a script:

#!/bin/bash
# Run me with superuser privileges
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers

Then save to somefile.sh, chmod a+rx it, and run sudo ./somefile.sh from a terminal window.

To add multiple users, change the script to this;

#!/bin/bash

while [[ -n $1 ]]; do
    echo "$1    ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done

Then, run the script like this (assuming you saved it as addsudousers.sh):

sudo ./addsudousers.sh bob joe jeff

that is, space-separated.

To read the names from a file:

nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`

listofusers.txt should also be space-separated.

Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers because the >> redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers and the script itself has superuser privileges, everything should work just fine.

Create sudo users from script?

visudo honors EDITOR env var which defines the editor program to use.

Thus, you can use sed as editor, tell sed to read commands from STDIN (-f-) and pass the changes to the whole visudo/sed pipline via STDIN.
Example:

echo '$ a # comment' | EDITOR="sed -f- -i" visudo

This will add '# comment' line to the end of sudoers file.
($ instructs sed to append the line to the end of file, 'a' is the command to append followed by the line).

In order to add a sudoer, you will need something like

echo '$ a kirk ALL=(spock) NOPASSWD: ALL' | EDITOR="sed -f- -i" visudo

Note that visudo also does syntax check so it will fail if the command produces broken sudoers file:

root@chi:~# echo '$ a broken directive' | EDITOR="sed -f- -i" visudo
>>> /etc/sudoers: syntax error near line 44 <<<

P.S. Tested with GNU sed 4.2.2. There may be problems with e.g. Busybox sed.

How to give Users SUDO Permission from Bash Script

The following extends the original code as follows:

It specifies a(n additional) group to add users to.
That group:
- can be an existing group that is assumed to already be sudo-enabled, such as the sudo group on Ubuntu.
- If it doesn't exist, it is created, and sudo-enabled via a dedicated file in directory /etc/sudoers.d/ named for the group - see the code and man sudoers for details.
In the user-creation loop, each newly created user is added to that group with usermod:

sudo usermod <user> -G <group>
- Note: You should also be able to do this as part of the useradd call.

This should sudo-enable all newly created users.

Note:

Providing passwords via plain-text files is a security risk.
For an explanation of the techniques used in the user-creation (while) loop, see this answer.

#!/usr/bin/env bash

# The sudo-enabled user group to add users to.
# Either choose a preexisting one, such as 'sudo' on Ubuntu, or
# specify a new group to create and sudo-enable on demand (see below).
sudoEnabledGroup='foosudo'

# Test if the group exists.
[[ -z $(awk -F: -v g=$sudoEnabledGroup '$1==g' /etc/group) ]] && groupExists=0 || groupExists=1

# If the group doesn't exist yet, create it on demand and sudo-enable it.
# Note: Deactive this `if` statement, if the group must already exist.
if (( ! groupExists )); then
  printf "Creating group: %s...\n" $sudoEnabledGroup
  # Create the group.
  sudo groupadd $sudoEnabledGroup || exit
  # Sudo-enable it, via a dedicated file in directory /etc/sudoers.d/, named for the group.
  # CAUTION: The following enables the MOST PRIVILEGES POSSIBLE for the given
  #          group. See `man sudoers`, section "SUDOERS FILE FORMAT" for details.
  customSudoerFile=/etc/sudoers.d/$sudoEnabledGroup
  printf "... and sudo-enabling it via file $customSudoerFile.\n" $sudoEnabledGroup
  sudo sh -c "echo '%$sudoEnabledGroup ALL=(ALL:ALL) ALL' >$customSudoerFile"
fi

# Loop over the user names and passwords from the input files.
usersFile="users.txt"
# CAVEAT: Providing passwords via plain-text file is a SECURITY RISK.
passwdFile="passwords.txt"

printf "Creating users from files '%s' and '%s' and assigning them to group '%s'...\n" "$usersFile" "$passwdFile" $sudoEnabledGroup

while read user passwd; do

  printf "  Creating user: %s...\n" $user

  # Create the user.
  sudo useradd -m -s /bin/bash $user || exit

  # Add it to the the sudo-enabled group designated above.
  sudo usermod $user -G $sudoEnabledGroup || exit

  # Assign the password to the user.
  # Password is passed via stdin, *twice* (for confirmation).
  # This will print something like the following:
  #   "Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully"
  # You can suppress with 2>/dev/null, but that would also mask true errors.
  sudo passwd $user <<< "$passwd"$'\n'"$passwd" || exit

done < <(paste "$usersFile" "$passwdFile")

printf 'Done.\n'

Adding sudo permissions to sudoers for user via shell script

My solution is to have the script ask the user to enter his password and store the value in a variable to be used along with Expect. The script installs Expect if it's not installed and then the script does:

read -p "Please enter your password: " PASSWD
export PASSWD
username=$USER
export username

if [[ ! `sudo -l -U "$USER" 2>&1 | grep "ALL"` ]]; then
  expect -c '
      spawn "su -c \"cat <<EOF >> /etc/sudoers.d/$env(username)
          $env(username) ALL=(ALL:ALL) ALL
          $env(username) ALL=(ALL) NOPASSWD:ALL
EOF
\"
      "
      expect "Password:\r"
      send $env(PASSWD)
      interact
  '
fi

Adding Users to Sudoers Through Shell Script