Migrate users from one Linux machine to another

Have you ever needed to migrate the users of a running Linux system from one installation to another? That would be a simple task if the user count was low. But what happens when the user count is in the hundreds? What do you do then? If you're not using LDAP, you know you will have to migrate the users' data, passwords, etc. from the old machine to the new. Believe it or not, this is just a matter of a few commands - not necessarily simple commands, but it's not as complex as you would think.

In this article I am going to show you how to make this migration so your Linux users do not lose their data and their passwords are all retained.

What we are migrating

The list is fairly simple:

  • /etc/passwd - Contains information about the user.
  • /etc/shadow - Contains the encrypted passwords.
  • /etc/group - Contains group information.
  • /etc/gshadow - Contains group encrypted passwords.
  • /var/spool/mail - Contains users' email (the location will depend upon the mail server you use).
  • /home/ - Contains users' data.

Unfortunately these files cannot simply be copied from one machine to another - that would be too easy. Just make sure you enter the following commands correctly.

Source machine

These are the commands you will need to run on the machine you are migrating users FROM. I will assume you are doing this on a system that uses a root user (such as Fedora), so all commands will be done as root:

mkdir ~/MOVE

The above command creates a directory to house all of the files to be moved.

export UGIDLIMIT=500

The above command sets the UID filter limit to 500. NOTE: This value will be dictated by your distribution. If you use Red Hat Enterprise Linux, CentOS, or Fedora this value is shown in the command above. If you use Debian or Ubuntu that limit is 1000 (not 500).

awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > ~/MOVE/passwd.mig

The above command copies only user accounts from /etc/passwd (using awk allows us to ignore system accounts.)

awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > ~/MOVE/group.mig

The above command copies only the non-system groups from /etc/group, using the same filter.

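awk -v LIMIT=$UGIDLIMIT -F: 'NR==FNR { if (($3>=LIMIT) && ($3!=65534)) keep[$1]; next } $1 in keep' /etc/passwd /etc/shadow > ~/MOVE/shadow.mig

The above command copies only the /etc/shadow entries that belong to the user accounts selected from /etc/passwd. It matches on the exact user name in the first field, so a short name such as "mo" does not also pull in the entry for "daemon".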

cp /etc/gshadow ~/MOVE/gshadow.mig

The above command copies the /etc/gshadow file.

tar -zcvpf ~/MOVE/home.tar.gz /home

The above command archives /home.

tar -zcvpf ~/MOVE/mail.tar.gz /var/spool/mail

The above command archives the mail directory. NOTE: If you are using Sendmail this is the correct directory. If you are using Postfix that directory most likely will be /etc/postfix.

Now it's time to move everything in ~/MOVE over to the new server. You can do this using the scp command like so:

scp -r ~/MOVE/* USER@IP_OF_NEW_SERVER:/home/USER/

Where USER is the username you will use to send the file and IP_OF_NEW_SERVER is the address of the new server. NOTE: If this server is not online yet you can always copy these files onto a thumb drive and move them that way.

Target machine

Now we're working on the new server. Follow these commands (run as the root user):

mkdir ~/newsusers.bak

The above command will create a new directory that will house the backup of the current users.

cp /etc/passwd /etc/shadow /etc/group /etc/gshadow ~/newsusers.bak

The above command will copy the necessary files to the new backup directory.

cat /PATH/TO/DIRECTORY/passwd.mig >> /etc/passwd
cat /PATH/TO/DIRECTORY/group.mig >> /etc/group
cat /PATH/TO/DIRECTORY/shadow.mig >> /etc/shadow
/bin/cp /PATH/TO/DIRECTORY/gshadow.mig /etc/gshadow

The above commands will restore all password files onto the new system. NOTE: /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.

cd /
tar -zxvf /PATH/TO/DIRECTORY/home.tar.gz

The above commands will first change you to the / directory and then unpack the archived /home directory. NOTE: Where /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.

cd /
tar -zxvf /PATH/TO/DIRECTORY/mail.tar.gz

The above commands will first change you to the / directory and then unpack the archived /var/spool/mail directory. NOTE: Where /PATH/TO/DIRECTORY is the location where you copied the files onto the new system.

You can now reboot your system with the users in place.
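
Appending with cat >> does not notice an account name or a numeric UID/GID that already exists on the new server, and a reused UID leaves two accounts owning the same files. The check below, meant to be run before the cat ... >> step, is an added example and not part of the original article; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks to run on the target before appending the *.mig files.

# Names in MIG ($1) that already exist in TARGET ($2).
name_clashes() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1]; next } $1 in seen { print $1 }' "$2" "$1"
}

# "name:id:owner" for each MIG ($1) entry whose numeric ID (field 3) is
# already held by a different name in TARGET ($2).
id_clashes() {
    awk -F: 'FILENAME == ARGV[1] { owner[$3] = $1; next }
             ($3 in owner) && owner[$3] != $1 { print $1 ":" $3 ":" owner[$3] }' "$2" "$1"
}

# Users in passwd.mig ($1) with no line in shadow.mig ($2).
# FILENAME is compared instead of NR==FNR so an empty shadow.mig is handled.
missing_shadow() {
    awk -F: 'FILENAME == ARGV[1] { has[$1]; next } !($1 in has) { print $1 }' "$2" "$1"
}

# premerge_check MIGDIR [ETCDIR]: returns 0 only when nothing clashes.
premerge_check() {
    dir=$1; etc=${2:-/etc}; rc=0
    for f in passwd group; do
        out=$(name_clashes "$dir/$f.mig" "$etc/$f")
        [ -z "$out" ] || { echo "duplicate $f name: $out" >&2; rc=1; }
        out=$(id_clashes "$dir/$f.mig" "$etc/$f")
        [ -z "$out" ] || { echo "$f ID already in use: $out" >&2; rc=1; }
    done
    out=$(missing_shadow "$dir/passwd.mig" "$dir/shadow.mig")
    [ -z "$out" ] || { echo "no shadow entry for: $out" >&2; rc=1; }
    return $rc
}

# Constructed sample data (not from a real host) for a dry run.
make_sample() {
    mkdir -p "$1/etc" "$1/mig"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'build:x:500:500::/home/build:/bin/bash' > "$1/etc/passwd"
    printf '%s\n' 'root:x:0:' 'build:x:500:' > "$1/etc/group"
    printf '%s\n' 'alice:x:500:500::/home/alice:/bin/bash' 'mo:x:501:501::/home/mo:/bin/bash' \
        'build:x:502:502::/home/build:/bin/bash' > "$1/mig/passwd.mig"
    printf '%s\n' 'alice:x:500:' 'mo:x:501:' > "$1/mig/group.mig"
    printf '%s\n' 'alice:!!:14650:0:99999:7:::' 'build:!!:14650:0:99999:7:::' > "$1/mig/shadow.mig"
}

d=$(mktemp -d) && make_sample "$d"
premerge_check "$d/mig" "$d/etc" || echo "resolve the clashes before appending" >&2
rm -rf "$d"
```

On the real target, premerge_check /PATH/TO/DIRECTORY compares the .mig files against the live /etc files and returns non-zero if anything needs to be resolved first.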

    1. The Mighty Buzzard said on February 10, 2010 at 8:43 pm

      You don’t really need to reboot, being as it’s Linux and you haven’t switched kernels. Mostly you just need to know which, if any, services need to be restarted.

    2. Rishabh Agarwal said on February 11, 2010 at 7:10 am

      Indeed Valuable. Thanks for the share :)

    3. Phil said on March 2, 2010 at 10:44 pm

      Great write up… One question though.. Can you add one step that tells what to do if you’re using Dovecot also?

    4. ray said on November 8, 2010 at 1:32 pm

      Thanks a lot for that! Very useful article!

      best regards

    5. John said on January 12, 2011 at 10:57 pm

      What if there are more than 15K accounts with /var/spool/mail = 400Gb and /home=218Gb
      This is a single machine.

    6. technologyvidya said on January 14, 2011 at 5:55 pm

      really informative thanks for the post..

    7. John said on January 19, 2011 at 5:27 pm

      What if it is in the thousands….say 20K users?

    8. Pat Emblen said on February 18, 2011 at 8:58 am

      With regard to the shadow file line:
      awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > ~/MOVE/shadow.mig
      I got caught here with a user named “mo” causing a match for daemon and haldaemon
      Could I suggest changing {print $1} to {print $1":"} and egrep -f to egrep -wf.
      This ‘top and tails’ the match expression.

    9. Shubham Gupta said on July 5, 2011 at 2:09 pm

      Informative post !! TY for sharing.

    10. Chris said on March 4, 2012 at 8:06 pm

      Thanks, this was exactly what I needed. Saved me loads of time and I also learnt commands I didn’t know as not got huge Linux experience.

      Great tutorial. Thanks again.

    11. Anonymous said on April 23, 2012 at 5:44 pm

      When I try to run the command for the group.mig I receive this message:
      [[email protected] move]# awk -v LIMIT=$UGIDLIMIT -F: .($3>=LIMIT) && ($3!=65534). / etc/group > ~/MOVE/group.mig
      -bash: syntax error near unexpected token `(‘

      I just copied and pasted the command into the session. Can someone tell me what I’ve done wrong?

    12. Steve Kile said on July 1, 2012 at 3:14 am

      When you copied and pasted the line, it dropped the single quotes. It did the same thing to me.

    13. John said on August 22, 2012 at 6:00 pm

      Gee, this looks very similar (the commands, file names used for backups, etc) to a 2006 page at http://www.cyberciti.biz/faq/howto-move-migrate-user-accounts-old-to-new-server/

