Migrate User Accounts from one CentOS server to another CentOS server

Contents

There are many articles that suggest that simply copying certain files from one CentOS to another CentOS server will be sufficient enough to migrate the user accounts along with their permissions and passwords.  Other arguments suggest that certain files such as the passwd and shadow files should never be manually edited; but the caveat is that there is no “utility” to modify these files in the context of this article.  Things are complicated further when the old CentOS server is 6.x and the new CentOS server is 7.x.

Articles suggest that the following four files are needed:

  • /etc/group
  • /etc/shadow
  • /etc/passwd
  • /etc/gshadow

These four files are the inspiration of my approach.  I took a quick peak at the /home directory to see what I was dealing with.  From there took a more extensive look at each of the four files mentioned above.

Gather Information

This example is adapted from my actual approach. Here we are gathering information from the original CentOS 6 server. Only some of this will be reused on the new CentOS 7.

# /home
ls -1 /home
user1
user2
user3

# /etc/passwd
# In CentOS6, user accounts start at 500 and in CentOS7 start at 1000.
cat /etc/passwd | grep -E "*:[5][0-9][0-9]:*"
user1:x:500:500:user:/home/user1:/bin/bash
user1:x:501:501:user:/home/user2:/bin/bash
user1:x:502:502:user:/home/user3:/bin/bash

# /etc/group
# Search for user1, user2, and user3 in any group that they may exist in.
getent group
or
cat /etc/group | grep -E "[0-9][0-9][0-9]:*"
users:x:1001:user1,user2,user3
user1:x:500:user1
user2:x:502:user2
user3:x:503:user3

# /etc/gshadow
users:!::user1,user2,user3
user1:!::
user2:!::
user3:!::

# /etc/shadow
user1:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user2:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user3:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::

Create Users and Modify File Permissions

What I failed to mention, data was also copied from the old server to the new server to a space, /users/. This space is associated with old user and group numbers.
Now that the information is gathered from the old CentOS, I created the new users and their respective group on the new CentOS 7 server, as follows:

mkdir /users/user{1,2,3}
groupadd users
for user in user1 user2 user3; do useradd -G users ${user}; done
for user in user1 user2 user3; do
chmod 2755 /users/${user}
chown ${user}:users /users/${user}
chmod 2770 /users/${user}/*
done

Since the users were created and so their respected groups, the /etc/group, /etc/passwd, and /etc/gshadow exist. However the contents of the /etc/shadow need modification. Overwrite the usernames user1, user2, and user3 with the data from the the CentOS6 server.

user1:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user2:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::
user3:$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:16196:0:99999:::

The users should be able to logon to the new CentOS7 server with their original passwords and have access to their original content.