There are many articles that suggest that simply copying certain files from one CentOS server to another will be enough to migrate the user accounts along with their permissions and passwords. Other arguments suggest that certain files such as the passwd and shadow files should never be manually edited; but the caveat is that there is no “utility” to modify these files in the context of this article. Things are complicated further when the old CentOS server is 6.x and the new CentOS server is 7.x.
Articles suggest that the following four files are needed:
- /etc/group
- /etc/shadow
- /etc/passwd
- /etc/gshadow
These four files are the inspiration of my approach. I took a quick peek at the /home directory to see what I was dealing with. From there I took a more extensive look at each of the four files mentioned above.
Gather Information
This example is adapted from my actual approach. Here we are gathering information from the original CentOS 6 server. Only some of this will be reused on the new CentOS 7.
```
# /home
ls -1 /home
user1
user2
user3

# /etc/passwd
# In CentOS 6, user accounts start at UID 500; in CentOS 7 they start at 1000.
grep -E ':5[0-9][0-9]:' /etc/passwd
user1:x:500:500:user:/home/user1:/bin/bash
user2:x:501:501:user:/home/user2:/bin/bash
user3:x:502:502:user:/home/user3:/bin/bash

# /etc/group
# Search for user1, user2, and user3 in any group that they may exist in.
# Use either `getent group` or:
grep -E '[0-9]{3}:' /etc/group
users:x:1001:user1,user2,user3
user1:x:500:user1
user2:x:502:user2
user3:x:503:user3

# /etc/gshadow
users:!::user1,user2,user3
user1:!::
user2:!::
user3:!::

# /etc/shadow
user1:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user2:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user3:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
```
Create Users and Modify File Permissions
What I failed to mention is that data was also copied from the old server to a space on the new server, /users/. This space is associated with old user and group numbers.
Now that the information is gathered from the old CentOS, I created the new users and their respective group on the new CentOS 7 server, as follows:
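```bash
# Create the per-user directories (-p: they may already exist from the data copy).
mkdir -p /users/user{1,2,3}
groupadd users

# Create each user with "users" as a supplementary group.
for user in user1 user2 user3; do
    useradd -G users "${user}"
done

# The leading 2 sets the setgid bit, so new files inherit the directory's group.
for user in user1 user2 user3; do
    chmod 2755 "/users/${user}"
    chown "${user}:users" "/users/${user}"
    chmod 2770 "/users/${user}"/*
done
```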
Since the users and their respective groups have been created, their entries in /etc/group, /etc/passwd, and /etc/gshadow exist. However, the contents of /etc/shadow need modification. Overwrite the entries for user1, user2, and user3 with the data from the CentOS 6 server.
```
user1:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user2:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user3:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
```
The users should be able to log on to the new CentOS 7 server with their original passwords and have access to their original content.
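An alternative to hand-editing /etc/shadow for the password step above, as an added example that is not part of the original post: the function pulls `user:hash` pairs for the CentOS 6 account range out of copies of the old passwd and shadow files, in the form `chpasswd -e` accepts. The file names passwd.old and shadow.old, the helper names, and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). File names, helper names and
# sample data are constructed for illustration.

# extract_hashes PASSWD SHADOW [MIN_UID] [MAX_UID]
# Prints "user:hash" for accounts whose UID is in range (500-999, the
# CentOS 6 regular-user range, by default) and that have a usable hash.
# Locked or empty entries (!, !!, *) are reported on stderr and skipped,
# so a disabled account is not silently re-enabled on the new server.
extract_hashes() {
    awk -F: -v min="${3:-500}" -v max="${4:-999}" '
        # First file (passwd): remember names whose UID is in range.
        NR == FNR { if ($3 >= min && $3 <= max) wanted[$1] = 1; next }
        # Second file (shadow): emit only wanted names with a real hash.
        ($1 in wanted) {
            if ($2 ~ /^\$[0-9a-z]+\$/) print $1 ":" $2
            else print "skip " $1 ": locked or no password" > "/dev/stderr"
        }
    ' "$1" "$2"
}

# Constructed stand-ins for the files copied from the old server.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'user1:x:500:500:user:/home/user1:/bin/bash' \
        'user2:x:501:501:user:/home/user2:/bin/bash' \
        'user3:x:502:502:user:/home/user3:/bin/bash' > "$1/passwd.old"
    printf '%s\n' 'root:$6$rootsalt$ROOTHASH:16196:0:99999:7:::' \
        'user1:$6$salt1$HASHONE:16196:0:99999:7:::' \
        'user2:!!:16196:0:99999:7:::' \
        'user3:$6$salt3$HASHTHREE:16196:0:99999:7:::' > "$1/shadow.old"
}

# Demo on the constructed data. On the real CentOS 7 host, as root, the
# output would instead be piped into: chpasswd -e
umask 077                       # copies of shadow data must stay private
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
extract_hashes "$demo_dir/passwd.old" "$demo_dir/shadow.old"
rm -rf "$demo_dir"
```

`chpasswd -e` stores each hash as given instead of hashing it again, so the original passwords keep working without opening /etc/shadow in an editor.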