Migration of Linux Machines
Hi,
I have a Redhat Linux 7.2 installed on my system. I am trying to migrate the entire setup to another machine. The new machine has Redhat Enterprise 3.0 installed. I just want to know if the following procedure will work.
append the existing password files to the new machines.
append the existin group file to the new machine.
append the existing shadow file to the new machine.
Check for duplicates and remove them. Make necessary changes in uid's and gid's.
Back up mysql database and restore it on the new machine.
Copy CVS repository and change ownership accordingly on the newmachine.
Kindly advise on this.
Thanks
Walter.
I have a Redhat Linux 7.2 installed on my system. I am trying to migrate the entire setup to another machine. The new machine has Redhat Enterprise 3.0 installed. I just want to know if the following procedure will work.
append the existing password files to the new machines.
append the existin group file to the new machine.
append the existing shadow file to the new machine.
Check for duplicates and remove them. Make necessary changes in uid's and gid's.
Back up mysql database and restore it on the new machine.
Copy CVS repository and change ownership accordingly on the newmachine.
Kindly advise on this.
Thanks
Walter.
ahoffmann
sounds good (if users/groups and mysql and CVS data is all you need)
appending the old files to the existing files on the new machines will -- if it works -- make a mess, since the UID/GIDs will very likely overlap. additionally, if the password hashes are different (say your old machine hashed them using MD5 and your new one uses blowfish,) it's just going to blow up. If the hash method is the same, copying the files over will likely work, but you'll have to go over the files manually and very carefully to make sure that the GIDs and UIDs do not overlap. I can't speak to MySQL problems or CVS concerns.
ASKER
Hi dp,
Other than manually checking the logins, how else can I check what encryption each of the machine uses.
Thanks,
walter.
Other than manually checking the logins, how else can I check what encryption each of the machine uses.
Thanks,
walter.
If they're both RedHat, see this post:
http://www.redhat.com/archives/linux-security/1999-November/msg00012.html by "Michael H. Warfield" <mhw wittsend com>
"You could grep the files in /etc/pam.d looking for the "md5" token.
In particular, look for a line like this in /etc/pam.d/passwd (which
configures pam for the passwd app which is what creates the hashes):
password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
That might be more reliable. If you take a system that has BEEN
using des password hashes in /etc/passwd and convert it to use shadow with
md5 hashes, you will discover that your /etc/shadow file still contains
only des hashes immediately after convertion and prior to anyone changing
their password. Reason... There is no (and can not be an) algorithm
for converting from md5 hashes to des hashes or vice-versa. The result
of this is that the pam modules must be able to handle and check either
algorithm while new passwords (changed or new accounts) get hashed by
the algorithm of choice at the time they are created."
I would suggest you try this first with one user (or create a new user on the old system for test purposes) and migrate that user first to test this. If successful, then you know that it's OK to do larger amounts of users.
http://www.redhat.com/archives/linux-security/1999-November/msg00012.html by "Michael H. Warfield" <mhw wittsend com>
"You could grep the files in /etc/pam.d looking for the "md5" token.
In particular, look for a line like this in /etc/pam.d/passwd (which
configures pam for the passwd app which is what creates the hashes):
password required /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
That might be more reliable. If you take a system that has BEEN
using des password hashes in /etc/passwd and convert it to use shadow with
md5 hashes, you will discover that your /etc/shadow file still contains
only des hashes immediately after convertion and prior to anyone changing
their password. Reason... There is no (and can not be an) algorithm
for converting from md5 hashes to des hashes or vice-versa. The result
of this is that the pam modules must be able to handle and check either
algorithm while new passwords (changed or new accounts) get hashed by
the algorithm of choice at the time they are created."
I would suggest you try this first with one user (or create a new user on the old system for test purposes) and migrate that user first to test this. If successful, then you know that it's OK to do larger amounts of users.
ASKER
These are the settings on my Linux 7.2 machine
auth required /lib/security/pam_stack.so
account required /lib/security/pam_stack.so
password required /lib/security/pam_stack.so
and the RH ES 3.0 has
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth.
I guess creating the user and testing it for migration is the easiet option.
Thanks.
auth required /lib/security/pam_stack.so
account required /lib/security/pam_stack.so
password required /lib/security/pam_stack.so
and the RH ES 3.0 has
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth.
I guess creating the user and testing it for migration is the easiet option.
Thanks.
cc: guess
MYSQL : the best way to take mysql back up is to tar /var/lib/mysql and transfer it on the new machine and untar under the same direcorty, this will take all yr datas and tables along, just make sure u r running identical versions of mysql. or use the mysql-dump command...with shifting /var/lib/mysql, i have taken backup till 2 GB without a hitch
USERS : u need /etc/passwd, /etc/shadow, /etc/groups, users i think u are talking abt regular users, UID > 500, the same u can do it with rsync, but a matter of opinion, dump the users in plain text file and re-create them, as u are not planning to take along the home dir of the users...u can use a script for automated user creation
CVS : use rsync, this is best to preserve all the permissions and settings as it is
"rsync -avuz 'ssh' /usr/local/cvsroot <remotesystem>:/usr/local/
hope this helps ...
USERS : u need /etc/passwd, /etc/shadow, /etc/groups, users i think u are talking abt regular users, UID > 500, the same u can do it with rsync, but a matter of opinion, dump the users in plain text file and re-create them, as u are not planning to take along the home dir of the users...u can use a script for automated user creation
CVS : use rsync, this is best to preserve all the permissions and settings as it is
"rsync -avuz 'ssh' /usr/local/cvsroot <remotesystem>:/usr/local/
hope this helps ...
ASKER
Hi Jadav,
The reason for backing up the users is also because I need to backup their home directories.
Thanks.
The reason for backing up the users is also because I need to backup their home directories.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thx :-)
ASKER
Hi,
My home partitions were on a nfs server. When i mount the home partitions on the new linux machine the group permissions of the home directories are changed to a groupr say tom. they are having the correct permissions on the old system say group peter. Now when i try to do chgrp peter /home/user1 -R it changes the permission to peter. But it also modifies the group on the old system to say harry. How can i avoid this.
Thanks
Walter.
My home partitions were on a nfs server. When i mount the home partitions on the new linux machine the group permissions of the home directories are changed to a groupr say tom. they are having the correct permissions on the old system say group peter. Now when i try to do chgrp peter /home/user1 -R it changes the permission to peter. But it also modifies the group on the old system to say harry. How can i avoid this.
Thanks
Walter.
> How can i avoid this
you need to have the same password and group file on both sides: NFS server and NHS client
you need to have the same password and group file on both sides: NFS server and NHS client
Agreed, the passwd and grp file shd be same on both the systems, and then rsync the dir, so it will not mess up with the permissions