Migrate users from one Linux machine to another
Have you ever needed to migrate the current Linux users from one installation to another? That would be a simple task if the user count was low. But what happens when the user count is in the hundreds? What do you do then? If you're not using LDAP, you know you will have to migrate the users' data, passwords, etc. from the old machine to the new. Believe it or not, this is just a matter of a few commands - not necessarily simple commands, but it's not as complex as you would think.
In this article I am going to show you how to make this migration so your Linux users do not lose their data and their passwords are all retained.
What we are migrating
The list is fairly simple:
- /etc/passwd - Contains information about the user.
- /etc/shadow - Contains the encrypted passwords.
- /etc/group - Contains group information.
- /etc/gshadow - Contains group encrypted passwords.
- /var/spool/mail - Contains users email (the location will depend upon the mail server you use).
- /home/ - Contains users data.
Unfortunately these files cannot simply be copied from one machine to another - that would be too easy. Just make sure you enter the following commands correctly.
Source machine
These are the commands you will need to run on the machine you are migrating users FROM. I will assume you are doing this on a system that uses a root user (such as Fedora), so all commands will be done as root:
mkdir ~/MOVE
The above command creates a directory to house all of the files to be moved.
export UGIDLIMIT=500
The above command sets the UID filter limit to 500. NOTE: This value will be dictated by your distribution. If you use Red Hat Enterprise Linux, CentOS, or Fedora this value is shown in the command above. If you use Debian or Ubuntu that limit is 1000 (not 500).
awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > ~/MOVE/passwd.mig
The above command copies only user accounts from /etc/passwd (using awk allows us to ignore system accounts.)
awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > ~/MOVE/group.mig
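The above command copies only the non-system groups from /etc/group.
awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print "^" $1 ":"}' /etc/passwd | egrep -f - /etc/shadow > ~/MOVE/shadow.mig
The above command copies the /etc/shadow entries for the selected users. Each username is anchored with ^ and : so that a short name cannot match part of another account's name.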
cp /etc/gshadow ~/MOVE/gshadow.mig
The above command copies the /etc/gshadow file.
tar -zcvpf ~/MOVE/home.tar.gz /home
The above command archives /home.
tar -zcvpf ~/MOVE/mail.tar.gz /var/spool/mail
The above command archives the mail directory. NOTE: If you are using Sendmail this is the correct directory. If you are using Postfix that directory most likely will be /etc/postfix.
Now it's time to move everything in ~/MOVE over to the new server. You can do this using the scp command like so:
scp -r ~/MOVE/* USER@IP_OF_NEW_SERVER:/home/USER/
Where USER is the username you will use to send the files and IP_OF_NEW_SERVER is the address of the new server. NOTE: If this server is not online yet you can always copy these files onto a thumb drive and move them that way.
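Selecting shadow entries by username is only safe when the match is on the whole first field; a plain pattern match on the name can pull in unrelated accounts. The following is an added example, not code from the original article: it compares an unanchored pattern match with an exact field match on constructed passwd and shadow files. The function names, the sample data and the 65533 upper bound are assumptions.

```shell
#!/bin/sh
# Added example; sample files are constructed, hashes are placeholders.
umask 077   # extracted shadow data should be readable by its owner only

# naive_shadow PASSWD SHADOW MIN MAX
# Usernames become unanchored regex patterns, so "mo" also hits "daemon".
naive_shadow() {
    awk -F: -v min="$3" -v max="$4" '$3 >= min && $3 <= max { print $1 }' "$1" |
        grep -E -f - "$2"
}

# select_shadow PASSWD SHADOW MIN MAX
# Keeps a SHADOW line only when its first field equals a selected username.
select_shadow() {
    awk -F: -v min="$3" -v max="$4" '
        FILENAME == ARGV[1] { if ($3 >= min && $3 <= max) keep[$1] = 1; next }
        ($1 in keep)
    ' "$1" "$2"
}

SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
mo:x:500:500:Mo:/home/mo:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
nfsnobody:x:65534:65534:nobody:/:/sbin/nologin
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$SAMPLESALT$SAMPLEHASH0:15000:0:99999:7:::
daemon:*:15000:0:99999:7:::
haldaemon:!!:15000::::::
mo:$6$SAMPLESALT$SAMPLEHASH1:15000:0:99999:7:::
alice:$6$SAMPLESALT$SAMPLEHASH2:15000:0:99999:7:::
nfsnobody:!!:15000::::::
EOF

echo "unanchored patterns:"
naive_shadow "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow" 500 65533 | cut -d: -f1
echo "exact field match:"
select_shadow "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow" 500 65533 | cut -d: -f1
```

On the sample data the unanchored version also returns the daemon and haldaemon entries, while the exact match returns only mo and alice.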
Target machine
Now we're working on the new server. Follow these commands (run as the root user):
mkdir ~/newsusers.bak
The above command will create a new directory that will house the backup of the current users.
cp /etc/passwd /etc/shadow /etc/group /etc/gshadow ~/newsusers.bak
The above command will copy the necessary files to the new backup directory.
cd /PATH/TO/DIRECTORY
cat passwd.mig >> /etc/passwd
cat group.mig >> /etc/group
cat shadow.mig >> /etc/shadow
/bin/cp gshadow.mig /etc/gshadow
The above commands will restore all password files onto the new system. NOTE: /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.
cd /
tar -zxvf /PATH/TO/DIRECTORY/home.tar.gz
The above commands will first change you to the / directory and then unpack the archived /home directory. NOTE: /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.
cd /
tar -zxvf /PATH/TO/DIRECTORY/mail.tar.gz
The above commands will first change you to the / directory and then unpack the archived /var/spool/mail directory. NOTE: /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.
You can now reboot your system with the users in place.
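Appending passwd.mig to /etc/passwd assumes that none of its usernames or UIDs is already in use on the target; a clash leaves two entries for one name, or two accounts sharing one UID and therefore each other's files. The following pre-check is an added example, not part of the original article; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; both files below are constructed sample data.

# find_collisions TARGET MIG
# Prints "name <user> <target_id> <migrated_id>" when a migrated name already
# exists on the target, or "uid <id> <target_user> <migrated_user>" when the
# numeric ID is already owned by a different name.
find_collisions() {
    awk -F: '
        FILENAME == ARGV[1] { id_of[$1] = $3; name_of[$3] = $1; next }
        ($1 in id_of)   { print "name", $1, id_of[$1], $3; next }
        ($3 in name_of) { print "uid", $3, name_of[$3], $1 }
    ' "$1" "$2"
}

# check_before_append TARGET MIG: succeeds only when nothing collides.
check_before_append() {
    conflicts=$(find_collisions "$1" "$2")
    [ -z "$conflicts" ] && return 0
    printf '%s\n' "$conflicts" >&2
    return 1
}

DEMO_DIR=$(mktemp -d)
# Constructed target /etc/passwd: a local admin already holds UID 500.
cat > "$DEMO_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
admin:x:500:500:Admin:/home/admin:/bin/bash
alice:x:502:502:Alice (local):/home/alice:/bin/bash
EOF
# Constructed passwd.mig as produced on the source machine.
cat > "$DEMO_DIR/passwd.mig" <<'EOF'
mo:x:500:500:Mo:/home/mo:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
bob:x:503:503:Bob:/home/bob:/bin/bash
EOF

check_before_append "$DEMO_DIR/passwd" "$DEMO_DIR/passwd.mig" ||
    echo "resolve the conflicts above before appending passwd.mig"
```

The same function works on /etc/group and group.mig, since both files keep the name in field 1 and the numeric ID in field 3.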
This is very useful, thanks for the writeup! I notice one bug… that seems to have not caused problems to anyone else (or, at least, I’ve not seen anyone else complain).
The upper limit in the awk commands is hard coded at 65534, whereas for Ubuntu, this should be lowered to 29999. You might pull out some accounts you don’t want into the passwd.mig file.
*very nice, thanks!*
Gee, this looks very similar (the commands, file names used for backups, etc) to a 2006 page at http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/
When you copied and pasted the line, it dropped the single quotes. It did the same thing to me.
When I try to run the command for the group.mig I receive this message:
[root@ServerName move]# awk -v LIMIT=$UGIDLIMIT -F: .($3>=LIMIT) && ($3!=65534). / etc/group > ~/MOVE/group.mig
-bash: syntax error near unexpected token `(‘
I just copied and pasted the command into the session. Can someone tell me what I’ve done wrong?
Thanks, this was exactly what I needed. Saved me loads of time and I also learnt commands I didn’t know as not got huge Linux experience.
Great tutorial. Thanks again.
Informative post !! TY for sharing.
Thanks!
With regard to the shadow file line:
awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > ~/MOVE/shadow.mig
I got caught here with a user named “mo” causing a match for daemon and haldaemon
Could I suggest changing {print $1} to {print $1":"} and egrep -f to egrep -wf.
This ‘top and tails’ the match expression.
What if it is in the thousands….say 20K users?
Really informative, thanks for the post.
What if there are more than 15K accounts with /var/spool/mail = 400Gb and /home=218Gb
This is a single machine.
Thanks a lot for that! Very useful article!
best regards
Great write up… One question though: can you add one step that tells what to do if you're using Dovecot also?
Indeed Valuable. Thanks for the share :)
You don’t really need to reboot, being as it’s Linux and you haven’t switched kernels. Mostly you just need to know which, if any, services need to be restarted.