Migrate users from one Linux machine to another

Jack Wallen
Feb 10, 2010
Updated • Nov 28, 2012

Have you ever had a need to migrate current running Linux users from installation to another? That would be a simple task if the user count was low. But  what happens when the user count is in the hundreds? What do you do then? If you're not using LDAP, you know you will have to migrate the users' data, passwords, etc from the old machine to the new. Believe it or not, this is just a matter of a few commands - not necessarily simple commands, but it's not as complex as you would think.

In this article I am going to show you how to make this migration so your Linux users do not loose their data and their passwords are all retained.

What we migrating

The list is fairly simple:

  • /etc/passwd - Contains information about the user.
  • /etc/shadow - Contains the encrypted passwords.
  • /etc/group - Contains group information.
  • /etc/gshadow - Contains group encrypted passwords.
  • /var/spool/mail - Contains users email (the location will depend upon the mail server you use).
  • /home/ - Contains users data.

Unfortunately these files can not simply be copied from one machine to another - that would be too easy.  Just make sure you enter the following commands correctly.

Source machine

These are the commands you will need to run on the machine you are migrating users FROM. I will assume you are doing this on a system that uses a root user (such as Fedora), so all commands will be done as root:

mkdir ~/MOVE

The above command creates a directory to house all of the files to be moved.

export UGIDLIMIT=500

The above command sets the UID filter limit to 500. NOTE: This value will be dictated by your distribution. If you use Red Hat Enterprise Linux, CentOS, or Fedora this value is shown in the command above. If you use Debian or Ubuntu that limit is 1000 (not 500).

awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > ~/MOVE/passwd.mig

The above command copies only user accounts from /etc/passwd (using awk allows us to ignore system accounts.)

awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > ~/MOVE/group.mig

The above command copies the /etc/group file.

awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > ~/MOVE/shadow.mig

The above command copies the /etc/shadow file.

cp /etc/gshadow ~/MOVE/gshadow.mig

The above command copies the /etc/gshadow file.

tar -zcvpf ~/MOVE/home.tar.gz /home

The above command archives /home.

tar -zcvpf ~/MOVE/mail.tar.gz /var/spool/mail

The above command archives the mail directory. NOTE: If you are using Sendmail this is the correct directory. If you are using Postfix that directory most likely will be /etc/postfix.

Now it's time to move everything in ~/MOVE over to the new server. You can do this using the scp command like so:


Where USER is the username you will use to send the file and IP_OF_NEW_SERVER is the address of the new server. NOTE: If this server is not on line yet you can always copy these files onto a thumb drive and move them that way.

Target machine

Now we're working on the new server. Follow these commands (run as the root user):

mkdir ~/newsusers.bak

The above command will create a new directory that will house the backup of the current users.

cp /etc/passwd /etc/shadow /etc/group /etc/gshadow ~/newsusers.bak

The above command will copy the necessary files to the new backup directory.

cat passwd.mig >> /etc/passwd
cat group.mig >> /etc/group
cat shadow.mig >> /etc/shadow
/bin/cp gshadow.mig /etc/gshadow

The above commands will restore all password files onto the new system. NOTE: Where /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.

cd /
tar -zxvf /PATH/TO/DIRECTORY/home.tar.gz

The above commands will first change you to the / directory and then unpack the archived /home directory. NOTE: Where /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.

cd /
tar -zxvf /PATH/TO/DIRECTORY/mail.tar.gz

The above commands will first change you to the / directory and then unpack the archived/var/spool/mail directory. NOTE: Where /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.

You can now reboot your system with the users in place.


Previous Post: «
Next Post: «


  1. Ben L said on January 19, 2020 at 2:53 am

    This is very useful, thanks for the writeup! I notice one bug… that seems to have not caused problems to anyone else (or, at least, I’ve not seen anyone else complain).

    The upper limit in the awk commands is hard coded at 65534, whereas for Ubuntu, this should be lowered to 29999. You might pull out some accounts you don’t want into the passwd.mg file.

  2. Tomaso said on September 24, 2019 at 2:51 pm

    *very nice, thanks!*

  3. John said on August 22, 2012 at 6:00 pm

    Gee, this looks very similar (the commands, file names used for backups, etc) to a 2006 page at http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/

  4. Steve Kile said on July 1, 2012 at 3:14 am

    When you copied and pasted the line, it dropped the single quotes. It did the same thing to me.

  5. Anonymous said on April 23, 2012 at 5:44 pm

    When I try to run the command for the group.mig I receive this message:
    [root@ServerName move]# awk -v LIMIT=$UGIDLIMIT -F: .($3>=LIMIT) && ($3!=65534). / etc/group > ~/MOVE/group.mig
    -bash: syntax error near unexpected token `(‘

    I just copied and pasted the commnd into the session. Can someone tell me what I’ve done wrong?

  6. Chris said on March 4, 2012 at 8:06 pm

    Thanks, this was exactly what I needed. Saved me loads of time and I also learnt commands i didn’t know as not got huge Linux experience.

    Great tutorial. Thanks again.

  7. Shubham Gupta said on July 5, 2011 at 2:09 pm

    Informative post !! TY for sharing.

  8. Pat Emblen said on February 18, 2011 at 8:58 am

    With regard to the shadow file line:
    awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534) {print $1}’ /etc/passwd | tee – |egrep -f – /etc/shadow > ~/MOVE/shadow.mig
    I got caught here with a user named “mo” causing a match for daemon and haldaemon
    Could I suggest changing {print $1} to {print $1″:”} and egrep -f to egrep -wf.
    This ‘top and tails’ the match expression.

  9. John said on January 19, 2011 at 5:27 pm

    What if it is in the thousands….say 20K users?

  10. technologyvidya said on January 14, 2011 at 5:55 pm

    really inforamative thanks for the post..

  11. John said on January 12, 2011 at 10:57 pm

    What if there are more than 15K accounts with /var/spool/mail = 400Gb and /home=218Gb
    This is a single machine.

  12. ray said on November 8, 2010 at 1:32 pm

    Thanks a lot for that! Very useful article!

    best regards

  13. Phil said on March 2, 2010 at 10:44 pm

    Great write up…One question though..Can you add one step that tells what to do if your using Dovecot also?

  14. Rishabh Agarwal said on February 11, 2010 at 7:10 am

    Indeed Valuable. Thanks for the share :)

  15. The Mighty Buzzard said on February 10, 2010 at 8:43 pm

    You don’t really need to reboot, being as it’s linux and you haven’t switched kernels. Mostly you just need to know which, if any, services need to be restarted.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.