Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Migrate Password/User Database to another server

Posted on 2003-03-25
8
Medium Priority
?
230 Views
Last Modified: 2010-04-20
Hi guys,

I'm running a customized version of RedHat and I would like to swap the server I'm having with a new one. The new one has the OS installed correctly already, but I would like to know if it is possible to migrate the users and their passwords (!) to the new server.

The idea is that I would like to swap them without the user noticing.

If this is possible, how? And are there any concequences?

Thanks

Wim
0
Comment
Question by:Wimmeke
  • 4
  • 4
8 Comments
 
LVL 1

Author Comment

by:Wimmeke
ID: 8207700
I also have to mention that I have a directory-tree which uses these accounts in it's security info. So I would also like to know how to copy this tree over to another server, while keeping the security settings.
0
 
LVL 13

Accepted Solution

by:
rhinoceros earned 1000 total points
ID: 8207833
I had done the same case as before, my server is normally running for job now by follow steps.

Take the copy of files "passwd" , "group" , "shadow" , "gshadow" to move to new server on the same location.

Please don't use the 'cp" command, run "tar"

e.g. tar zcvf group.tgz /etc/group (backup)
e.g  tar xzvf group.tgz (restore)

It will keep all permission & ownership during tar processing, Noramlly it's worked.


Except the user/password

Other important point:
My Case : tranferred from Redhat 7.2 to Redhat 8.0
After tar, I found out some services could be started. Because the installation of Redhat 7.2 & 8.0 has some different. Like as SSH, SMTP privilege had been missed from the group/passwd file.

e.g.
group named file "sshd:x:74
passwd named file "sshd:x:74:74:Privilege -separted SSH:/var/empty/sshd:/sbin:/nologin"

Copy above original priviliege setting from the original file to the replaced file. Anyway compare the new & old  file before tar as well.



I hope it can help.
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 8207847
I suggest you copy the original files of new server to other place for backup at first. If failed, use those files for recovery back to normal as well.


After tar, the root account password will be changed as old server's root password, please noted.



I hope it can help.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:Wimmeke
ID: 8207957
Thanks rhinoceros,

I will give this a try when the new server gets delivered and will tell you my findings afterwards

Probably this will be thursday night

Wim
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 8215128
Except the username/password, like as /home folder will be created when the new account created. If SMTP service installed, it also create mailbox in /var/spool/mail.


Example:

As before, we mirgated the mail server from Redhat 7.2 to Redhat 8.0 O/S. Except username/password system files,  we also tar (copy) "/home" & "var/spool/mail" folders to the new server to run our service again.


In conclusion, you should clear what service you will need, then copy what kinds of file with their request from the existing server. You must take a fully testing before real migration as well.


I hope it can help.
0
 
LVL 1

Author Comment

by:Wimmeke
ID: 8228372
Well, I have taken what I could get from the old server. I wanted to get a copy of the /etc dir, but I failed to do this.

However, I have all the encrypted passoword stringsof all users. I believe them to be MD5? It's something like 5shXns;hes54d4z7 for every user.

I created all existing users on the new box with the same password.

Is there a way to copy the old encrypted stings somewhere into the new system and give the users their old passwords back?

There are a lot of them and it would be a nightmare to explain how to change their passwords in their mail clients etc.

Thanks
0
 
LVL 13

Expert Comment

by:rhinoceros
ID: 8228954
How to copy (tar) those files in /etc ???

(Backup)
tar -zcvf group.tgz /etc/group
tar -zcvf shadow.tgz /etc/shadow
tar -zcvf passwd.tgz /etc/passwd ......

(Restore)
(go to '/' directory, due to backup from /etc, so it will restore for full path as /etc/group , then directly locate on the same place as well)

copy *.tgz /
cd /
tar -xzvf group.tgz /etc/group
tar -xzvf shadow.tgz /etc/shadow......

It will remind all original permission like as the old server.


Overall, you copy (tar) the four system file "group", "passwd", "shadow", "gshadow" to the new server, it will be kept all old account & password. But you must use the 'vi' editor only when need to edit.



More Information:
The /etc/passwd file, which contains information about all users, including their encrypted password, is readable by all users, making it possible for any user to get the encrypted password of everyone on the system. Though the passwords are encrypted, password-cracking programs are widely available. To combat this growing security threat, shadow passwords were developed.......................

http://www.europe.redhat.com/documentation/HOWTO/User-Authentication-HOWTO/x57.php3


I hope it can help.

0
 
LVL 1

Author Comment

by:Wimmeke
ID: 8229120
Thanks. It would be great if I could still do that, but my old server and it's backup tape are completely wrecked.

However I still had a list of all users and their MD5 passwords. What I did is the following:

I created each and every user manually like on the old server. I gave them a temporary password.

This password was stored as MD5 in the shadow file. I've overwritten the password part with the old MD5 strings and everyone has it's old password again.

So, my problem is solved.

Rhinoceros, thanks for your outstanding help.

Greetings

Wim
Brussels, Belgium

0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month12 days, 5 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question