feat: Add User Manager

docs/userguide.md

@@ -30,3 +30,11 @@
 ## Security Features
 
 - **Firewall Baselines**: Sets up firewall rules.
+
+## Utilities
+
+- **Monitor Control**: Controls monitor settings on X11.
+- **Bluetooth Control**: Controls Bluetooth settings.
+- **Wifi Control**: Controls WiFi settings.
+- **Numlock Control**: Sets up Numlock on boot.
+- **User Account Manager**: Manage users and groups.

tabs/utils/tab_data.toml

@@ -65,3 +65,26 @@ script = "monitor-control/scale_monitor.sh"
 name = "Reset Scaling"
 script = "monitor-control/reset_scaling.sh"
 matches = true
+
+[[data]]
+name = "User Account Manager"
+
+[[data.entries]]
+name = "Add User"
+script = "user-account-manager/add_user.sh"
+
+[[data.entries]]
+name = "Change Password"
+script = "user-account-manager/change_password.sh"
+
+[[data.entries]]
+name = "Delete User"
+script = "user-account-manager/delete_user.sh"
+
+[[data.entries]]
+name = "Add User To Groups"
+script = "user-account-manager/add_to_group.sh"
+
+[[data.entries]]
+name = "Remove User From Groups"
+script = "user-account-manager/remove_from_group.sh"

tabs/utils/user-account-manager/add_to_group.sh

@@ -0,0 +1,33 @@
+#!/bin/sh -e
+
+. ./utility_functions.sh
+
+clear
+printf "%b\n" "${YELLOW}Add to group${RC}"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+username=$(promptUsername "" "non-root") || exit 1
+user_groups=$(groups "$username" | cut -d: -f2 | sort | tr '\n' ' ')
+
+clear
+printf "%b\n" "${YELLOW}Groups user $username is in:${RC} $user_groups"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+available_groups=$(cut -d: -f1 /etc/group | sort | tr '\n' ' ')
+
+printf "%b\n" "${YELLOW}Available groups:${RC} $available_groups"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+read -p "Enter the groups you want to add user $username to (space-separated): " groups
+
+checkEmpty "$groups" || exit 1
+checkGroupAvailabe "$groups" "$available_groups" || exit 1
+
+groups_to_add=$(echo "$groups" | tr ' ' ',')
+
+read -p "Are you sure you want to add user $username to $groups_to_add? [Y/N]: " confirm
+confirmAction || exit 1
+
+$ESCALATION_TOOL usermod -aG $groups_to_add "$username"
+
+printf "%b\n" "${GREEN}User successfully added to the $groups_to_add${RC}"

tabs/utils/user-account-manager/add_user.sh

@@ -0,0 +1,23 @@
+#!/bin/sh -e
+
+. ./utility_functions.sh
+
+clear
+printf "%b\n" "${YELLOW}Create a new user${RC}"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+username=$(promptUsername "add" "non-root") || exit 1
+
+# Check if username is valid
+if ! echo "$username" | grep '^[a-z][-a-z0-9_]*$' > /dev/null; then
+    printf "%b\n" "${RED}Username must only contain letters, numbers, hyphens, and underscores. It cannot start with a number or contain spaces.${RC}"
+    exit 1
+fi
+
+password=$(promptPassword) || exit 1
+
+$ESCALATION_TOOL useradd -m "$username" -g users -s /bin/bash
+echo "$username:$password" | $ESCALATION_TOOL chpasswd
+
+printf "%b\n" "${GREEN}User $username created successfully${RC}"
+printf "%b\n" "${GREEN}To add additional groups use Add User To Groups${RC}"

tabs/utils/user-account-manager/change_password.sh

@@ -0,0 +1,16 @@
+#!/bin/sh -e
+
+. ./utility_functions.sh
+
+clear
+printf "%b\n" "${YELLOW}Change password${RC}"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+username=$(promptUsername "" "root") || exit 1
+password=$(promptPassword) || exit 1
+
+read -p "Are you sure you want to change password for $username? [Y/N]: " confirm
+confirmAction || exit 1
+
+echo "$username:$password" | $ESCALATION_TOOL chpasswd
+printf "%b\n" "${GREEN}Password changed successfully${RC}"

tabs/utils/user-account-manager/delete_user.sh

@@ -0,0 +1,23 @@
+#!/bin/sh -e
+
+. ./utility_functions.sh
+
+clear
+printf "%b\n" "${YELLOW}Delete a user${RC}"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+username=$(promptUsername "" "non-root") || exit 1
+
+# Check if current user
+if [ "$username" = "$USER" ]; then
+    printf "%b\n" "${RED}Cannot delete the current user${RC}"
+    printf "%b\n" "${RED}Press [Enter] to continue...${RC}"
+    read dummy
+    return
+fi
+
+read -p "Are you sure you want to delete user $username? [Y/N]: " confirm
+confirmAction || exit 1
+
+$ESCALATION_TOOL userdel --remove "$username" 2>/dev/null
+printf "%b\n" "${GREEN}User $username deleted successfully${RC}"

tabs/utils/user-account-manager/remove_from_group.sh

@@ -0,0 +1,28 @@
+#!/bin/sh -e
+
+. ./utility_functions.sh
+
+clear
+printf "%b\n" "${YELLOW}Remove from group${RC}"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+username=$(promptUsername "" "non-root") || exit 1
+user_groups=$(groups "$username" | cut -d: -f2 | sort | tr '\n' ' ')
+
+clear
+printf "%b\n" "${YELLOW}Groups user $username is in:${RC} $user_groups"
+printf "%b\n" "${YELLOW}=================${RC}"
+
+read -p "Enter the groups you want to remove user from $username (space-separated): " groups
+
+checkEmpty "$groups" || exit 1
+checkGroupAvailabe "$groups" "$user_groups" || exit 1
+
+groups_to_remove=$(echo "$groups" | tr ' ' ',')
+
+read -p "Are you sure you want to remove user $username from $groups_to_remove? [Y/N]: " confirm
+confirmAction || exit 1
+
+$ESCALATION_TOOL usermod -rG $groups_to_remove "$username"
+
+printf "%b\n" "${GREEN}User successfully removed from $groups_to_remove${RC}"

tabs/utils/user-account-manager/utility_functions.sh

@@ -0,0 +1,99 @@
+#!/bin/sh -e
+
+. ../../common-script.sh
+
+# Prompt for username
+promptUsername() {
+    read -p "Enter the username: " username
+
+    checkEmpty "$username";
+
+    if [ "$1" = "add" ]; then
+        checkUserExistence "$username" "$1"
+    else
+        checkUserExistence "$username" "$1"
+        checkReservedUsername "$username" "$2"
+    fi
+    echo "$username"
+}
+
+
+# Prompt for password
+promptPassword() {
+    stty -echo
+    read -p "Enter the password (PASSWORD IS HIDDEN): " password1
+    echo >&2
+    read -p "Re-enter the password (PASSWORD IS HIDDEN): " password2
+    echo >&2
+    stty echo
+
+    if ! checkEmpty "$password1"; then
+        promptPassword
+    fi
+
+    if [ "$password1" != "$password2" ]; then
+        printf "%b\n" "${RED}Passwords do not match${RC}" >&2
+        promptPassword
+    else
+        echo $password1
+    fi
+}
+
+# Check if input is empty
+checkEmpty() {
+    if [ -z "$1" ]; then
+        printf "%b\n" "${RED}Empty value is not allowed${RC}" >&2
+        exit 1
+    fi
+}
+
+# Check if user exists
+checkUserExistence() {
+    if [ "$2" = "add" ]; then
+        if id "$1" > /dev/null 2>&1; then
+            printf "%b\n" "${RED}User already exists${RC}" >&2
+            exit 1
+        fi
+    else
+        if ! id "$1" > /dev/null 2>&1; then
+            printf "%b\n" "${RED}User does not exist${RC}" >&2
+            exit 1
+        fi
+    fi
+}
+
+# Check if user is reserved
+checkReservedUsername() {
+    uid=$(id -u "$1")
+    if [ "$2" = "root" ]; then
+        if [ "$uid" -le 999 ] && [ "$uid" -ne 0 ]; then
+            printf "%b\n" "${RED}Cannot modify system users${RC}" >&2
+            exit 1
+        fi
+    else 
+        if [ "$(id -u "$1")" -le 999 ]; then
+            printf "%b\n" "${RED}Cannot modify system users${RC}" >&2
+            exit 1
+        fi
+    fi
+}
+
+# Check if user is reserved
+confirmAction() {
+    if [ "$confirm" != "y" ] && [ "$confirm" != "Y" ]; then
+        printf "%b\n" "${RED}Cancelled operation...${RC}"
+        exit 1
+    fi
+}
+
+# Check if group is available
+checkGroupAvailabe() {
+    for group in $1; do
+        if ! echo "$2" | grep -wq "$group"; then
+            printf "%b\n" "${RED}Group $group not avaiable${RC}"
+            exit 1
+        fi
+    done
+}
+
+checkEscalationTool