Softpanorama
May the source be with you, but remember the KISS principle ;-)

Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

Copying config files from one RHEL server to another

Moving /etc/passwd and /etc/shadow

News Installation Recommended Books Recommended Links Anaconda Reference
Modifying ISO image to include kickstart file Installation of Red Hat from a USB drive Kickstart Pre- and Postinstall Scripts NTP configuration Xinetd Loopback filesystem
Oracle Linux Administration Networking Move config files from one server to another Humor Etc

Generally for the same major and minor version of RHEL you can "borrow" most of config files from a similar server. That reduces time and effort to get a new server to required configuration.  If you just copy /etc/passwd  /etc/shadow, /etc/gshadow and /etc/group files you can save some time on setting user accounts is a long time Unix tradition.

With time  it became more questionable as it involves more files and the fact that set of predefined accounts changes in RHEL rather quickly, often from one minor version to another, to say nothing about changing of major version.

So more correctly we can say about "implanting" user accounts, not so much about full copy of files such as /etc/passwd.

Files

Fragments from

Directories

Reproduce registration

If you do is with attention to details and verified diffs it should work.

Files used in RHEL for traditional Linux user management

It's better to use the script to recreate them from the old files, then blindly copy them in RHEL.


Top updates

Softpanorama Switchboard
Softpanorama Search


NEWS CONTENTS

Old News ;-)

Move user accounts from old Linux server to a new Linux server

Nasser Heidari

Following files/dirs are required for traditional Linux user management:

- /etc/passwd - contains various pieces of information for each user account
- /etc/shadow – contains the encrypted password information for user’s accounts and optional the password aging information.
- /etc/group – defines the groups to which users belong
- /etc/gshadow – group shadow file (contains the encrypted password for group)
- /var/spool/mail – Generally user emails are stored here.
- /home – All Users data is stored here.

————-
Backup Routine:
————-

# mkdir /root/move/
# export UGIDLIMIT=500
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /root/move/group.mig
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow >  /root/move/shadow.mig
# cp /etc/gshadow /root/move/gshadow.mig
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail

————- Move Backup Files to New Linux Server: ————-

scp -r /root/move/* nasser@linax.wordpress.com:/var/tmp

- Restore : -

# mkdir /root/newsusers.bak

# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

# cd /var/tmp

# cat passwd.mig >> /etc/passwd

# cat group.mig >> /etc/group

# cat shadow.mig >> /etc/shadow

# /bin/cp gshadow.mig /etc/gshadow

# cd /

# tar -zxvf /var/tmp/home.tar.gz

# tar -zxvf /var/tmp/mail.tar.gz

Move or migrate user accounts from old Linux server to a new Linux server by

December 13, 2006

You can migrate users from old Linux server to new Linux sever with standard commands such as tar, awk, scp and others.

Following files/dirs are required for traditional Linux user management:

You need to backup all of the above files and directories from old server to new Linux server.

Commands to type on old Linux system

First create a tar ball of old uses (old Linux system). Create a directory:
# mkdir /root/move/
Setup UID filter limit:
# export UGIDLIMIT=500
Now copy /etc/passwd accounts to /root/move/passwd.mig using awk to filter out system account (i.e. only copy user accounts)
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /root/move/passwd.mig
Copy /etc/group file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /root/move/group.mig
Copy /etc/shadow file:
# awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > /root/move/shadow.mig
Copy /etc/gshadow (rarely used):
# cp /etc/gshadow /root/move/gshadow.mig
Make a backup of /home and /var/spool/mail dirs:
# tar -zcvpf /root/move/home.tar.gz /home
# tar -zcvpf /root/move/mail.tar.gz /var/spool/mail

Where,

Use scp or usb pen or tape to copy /root/move to a new Linux system.
# scp -r /root/move/* user@new.linuxserver.com:/path/to/location

Commands to type on new Linux system

First, make a backup of current users and passwords:

# mkdir /root/newsusers.bak
# cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

Now restore passwd and other files in /etc/
# cd /path/to/location
# cat passwd.mig >> /etc/passwd
# cat group.mig >> /etc/group
# cat shadow.mig >> /etc/shadow
# /bin/cp gshadow.mig /etc/gshadow

Please note that you must use >> (append) and not > (create) shell redirection.

Now copy and extract home.tar.gz to new server /home
# cd /
# tar -zxvf /path/to/location/home.tar.gz

Now copy and extract mail.tar.gz (Mails) to new server /var/spool/mail
# cd /
# tar -zxvf /path/to/location/mail.tar.gz

Now reboot system; when the Linux comes back, your user accounts will work as they did before on old system:
# reboot

Please note that if you are new to Linux perform above commands in a sandbox environment. Above technique can be used to UNIX to UNIX OR UNIX to Linux account migration. You need to make couple of changes but overall the concept remains the same.

Moving /etc/passwd and /etc/shadow in a read-only system Red Hat 6

redrat

Hello, everybody,

i'm using Red Hat 6, I have two partitions in my computer:

I want to keep theses partitions.

I create new accounts with the
command useradd and passwd but it doesn't
run because the files /etc/passwd and /etc/shadow are in the read-only
partition.

Well, I use this solution:

I move the files /etc/passwd
and /etc/shadow to /var partition which is in read-write :
mv /etc/passwd /var
mv /etc/shadow /var

and I create these symbolics links :

ln -s /var/passwd /etc/passwd
ln -s /var/shadow /etc/shadow

When I reboot my system, i can login in red hat with my root account.

But when i open a shell console and i want to create new accounts with useradd and passwd : it doesn't run.

The system don't succeed to write in /var/passwd and /var/shadow and I don't know why.

Anyone has a solution to my problem ?


Thank you.

acid_kewpie

Rep:

erm, the solution is to NOT have a read only / partition. Why on earth would you do that??

redrat

Rep: The context is an engeneering project for which i must keep the / partition in read-only mode.

I don't have to put this / partition in read-only mode, it's a requirement.

So another solution ?

tbrand

Registered: Jul 2006

Location: Toronto, Canada

Distribution: gentoo

Posts: 33

Rep:

I'm assuming that useradd and passwd cannot open the symbolic links for writing because they are in read only file system.

If you are using only the most basic functionality of useradd it would not be too difficult to write your own ``useradd'' that updates /var/passwd and /var/shadow directly. To encrypt passwords use the crypt() function.

John VV

Rep:

a requirement is to NEVER be able to install updates
never add users
never fix anything
never add software
????

you are out of luck

if everything but the logs are read ONLY
you do not.

you might boot into the "recovery" mode on the install dvd and after " chroot /mnt/sysimage "
edit the files in VI ( or nano )

chrism01

Rep:

As above, you seem to be shooting yourself in the foot, but if you want it ro most of the time, but root may add users etc, then consider (as root)

Code:

mount -o remount,rw /

useradd ...

mount -o remount,ro /
and so on for updates to OS SW. Don't forget also that with RH derived systems, you'll run into SELinux issue if you try to move/link protected files around.

Reuti

Rep:

There is the option -P to useradd to specify a different directory for the files in question.

redrat

Rep: Red Hat :where i can find the source code of useradd
Hello,

in the installation cd of RHEL6, I have the package shadow-utils-4.1.4.2-9.el6.i686.rpm,

i got the binary of useradd , but i can't find the source code?

Anyone have a suggestion to find this ?

Thanks.

09-08-2011, 11:00 AM #9

andrewthomas

http://rpm.pbone.net/index.php3/stat...-9.el6.src.rpm

John VV

Rep:

Quote: in the installation cd of RHEL6, I have the package shadow-utils-4.1.4.2-9.el6.i686.rpm,
red hat requires a paid for license to install software. use your paid for and activated account and install the source from the rhn

Code:

su -
yum search shadow-utils
that will give you a listing .There will be a "-devel" or if you turned on the source rpeo then there will also be a src.rpm
then install it

but on a READONLY /
you can not install anything
there is no way to install any program to a read only /

anomie

Quote:

Originally Posted by redrat

The context is an engeneering project for which i must keep the / partition in read-only mode.

I don't have to put this / partition in read-only mode, it's a requirement.

Having only two filesystems (read-only / and read-write /var) is not feasible.

Just for many processes to run you need a writable /tmp. And many package installations will require a writable /bin, /usr, /lib, /etc, and/or /sbin (in addition to /var).

Back to the drawing board with the project requirements. Your engineers do not seem to have thought this through very carefully.

redrat

Rep: Hello, everybody,

I am treating my problem with the two partitions:
- the / partition in read-only ;
- the /var partition in read-write which will contain the files passwd, login, shadow, gshadow.

I got the package shadow-utils-4.1.4.2-9.el6.src.rpm which contains the source codes of the executables useradd, login, passwd ...

In this package there is the file "defines.h" which contains these lines:

#ifndef PASSWD_FILE
#define PASSWD_FILE "/etc/passwd"
#endif

#ifndef GROUP_FILE
#define GROUP_FILE "/etc/group"
#endif

#ifndef SHADOW_FILE
#define SHADOW_FILE "/etc/shadow"
#endif

#ifdef SHADOWGRP
#ifndef SGROUP_FILE
#define SGROUP_FILE "/etc/gshadow"
#endif
#endif

I replace theses lines by :

#ifndef PASSWD_FILE
#define PASSWD_FILE "/var/passwd"
#endif

#ifndef GROUP_FILE
#define GROUP_FILE "/var/group"
#endif

#ifndef SHADOW_FILE
#define SHADOW_FILE "/var/shadow"
#endif

#ifdef SHADOWGRP
#ifndef SGROUP_FILE
#define SGROUP_FILE "/var/gshadow"
#endif
#endif

I run the script "configure"( which is in the package) to get the Makefile, then i execute the command "make".

I got the new executables useradd, passwd, login ...

I replace the old executables by the new ones (in the repertories /usr/sbin; /usr/bin or /bin).

I move the files passwd, login, shadow, gshadow to /var.

I create these links :
ln -s /var/passwd /etc/passwd
ln -s /var/shadow /etc/shadow
ln -s /var/gshadow /etc/gshadow
ln -s /var/group /etc/group

I test the solution:

Well i can :

-add a user;
-create a password;
-change a password of a user;

But when i reboot the computer, the system recognize no users at the startup (user created or user root).

I don't understand why ?

Anyone have a suggestion ?

Thanks.

09-12-2011, 08:59 AM #13

kbp

Probably because /var isn't mounted at the right time, can I ask why you're doing this?

redrat

Rep: It's for an engineering project in which the root partition must be in read-only and /var in read-write.

But /var partition is present in /etc/fstab ?

So /var is mounted at the startup of the system ?

It's good or not ?

Reuti

If you changed all programs to look in /var the symbolic links shouldn’t be necessary. Anyway: any out



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: November, 06, 2016