I've been tasked with migrating information and accounts from one linux server to another. I feel confident administrating Linux servers, but I've never tried a move like this.
Googling around, I found this article. http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/
It was greatly helpful. However, I have a few questions still remaining…
-
I still don't understand how shadow passwords are made. If I just drag and drop users from /etc/passwd and /etc/shadow, will it actually work? How do I ensure the password hashes are made the same? What about salts?
-
If I need to refactor user / group IDs, will
$ usermod -g (newgid) username
on the to-move machine modify the id's on the to-move user's files?
Best Answer
For the first question, there is no salt issue if your shadow file is with $1$FZPUn/2R$JsQCE3TP3Uraez2P8ISIh0 password format (with a dollar, a number, a dollar at the beginning). Because, the salt ils the first part between the next dollars (FZPUn/2R in my example). The crypted password is on the rest. See man crypt, at the 'Glibc Notes' section for details.
So you can move your shadow file without risk.
For the second part, I prefer edit /etc/passwd file directly and change the groupe manualy. Your method is maybe the best (because of lock).
Don't forget files : if you change UID or GID, you must chown each to authorize your user to read his files !