Linux – How to transfer user accounts to a new Linux machine

linuxmigrationuser-management

I currently have a Linux box hosting our internal Subversion repository. Access to this repository is via svn+ssh with authenticating happening against user accounts on the machine. I have recently acquired a shiny, new box (also installed with Linux) and want to transition the subversion repository across to it (as it has more space across six disks configured using RAID 1+0).

What do I have to do to transfer all the user, group, and file information from the current machine to the new machine so as to minimise the impact on the current users of the repository? My current thoughts are to copy across the relevant entries from the /etc/passwd and /etc/group files (and shadow files?), and to copy the user folders in /home. Is there anything I am missing?

EDIT: Extra info. Old box is Ubuntu 8, new box is Ubuntu 9. There are about a dozen users and a dozen custom groups.

Best Answer

From a cyberciti.biz article:

Following files/dirs are required for traditional Linux user management:

/etc/passwd - contains various pieces of information for each user account

/etc/shadow - contains the encrypted password information for user's accounts and optional the password aging information.

/etc/group - defines the groups to which users belong

/etc/gshadow - group shadow file (contains the encrypted password for group)

/var/spool/mail - Generally user emails are stored here.

/home - All Users data is stored here.

You need to backup all of the above files and directories from old server to new Linux server.

Related Solutions

Linux – Migrating users between Linux servers if the UIDs need to change

For the first question, there is no salt issue if your shadow file is with $1$FZPUn/2R$JsQCE3TP3Uraez2P8ISIh0 password format (with a dollar, a number, a dollar at the beginning). Because, the salt ils the first part between the next dollars (FZPUn/2R in my example). The crypted password is on the rest. See man crypt, at the 'Glibc Notes' section for details.

So you can move your shadow file without risk.

For the second part, I prefer edit /etc/passwd file directly and change the groupe manualy. Your method is maybe the best (because of lock).

Don't forget files : if you change UID or GID, you must chown each to authorize your user to read his files !

Linux – How to run a server on port 80 as a normal user on Linux

Short answer: you can't. Ports below 1024 can be opened only by root. As per comment - well, you can, using CAP_NET_BIND_SERVICE, but that approach, applied to java bin will make any java program to be run with this setting, which is undesirable, if not a security risk.

The long answer: you can redirect connections on port 80 to some other port you can open as normal user.

Run as root:

# iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080

As loopback devices (like localhost) do not use the prerouting rules, if you need to use localhost, etc., add this rule as well (thanks @Francesco):

# iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

NOTE: The above solution is not well suited for multi-user systems, as any user can open port 8080 (or any other high port you decide to use), thus intercepting the traffic. (Credits to CesarB).

EDIT: as per comment question - to delete the above rule:

# iptables -t nat --line-numbers -n -L

This will output something like:

Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         
1    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 redir ports 8088
2    REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 8080

The rule you are interested in is nr. 2, so to delete it:

# iptables -t nat -D PREROUTING 2

Best Answer

Related Solutions

Linux – Migrating users between Linux servers if the UIDs need to change

Linux – How to run a server on port 80 as a normal user on Linux

Related Topic