Linux User Migration: Preserving UIDs, GIDs, Passwords & Permissions When Migrating Servers



When transferring Linux users between systems, these critical files must be copied:

/etc/passwd      # User account information
/etc/shadow      # Hashed passwords
/etc/group       # Group definitions
/etc/gshadow     # Group passwords
/etc/sudoers     # Sudo permissions

To maintain file permissions and ownership, include these directories in your migration:

/home/*          # User home directories
/var/spool/mail  # User mailboxes
/etc/skel        # Default user template files

Here's a bash script to automate the process:

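#!/bin/bash
# Stop on the first error so a failed copy is not silently skipped
set -euo pipefail

# Define source and destination
SRC="/"
DEST="/mnt/new_root"

# Copy critical account files (-p preserves mode, ownership and timestamps).
# This replaces the destination's copies, including its system accounts.
cp -p "$SRC/etc/passwd" "$DEST/etc/"
cp -p "$SRC/etc/shadow" "$DEST/etc/"
cp -p "$SRC/etc/group" "$DEST/etc/"
cp -p "$SRC/etc/gshadow" "$DEST/etc/"
cp -p "$SRC/etc/sudoers" "$DEST/etc/"

# Preserve home directories (-a keeps owner, group, mode and times; run as root)
rsync -a "$SRC/home/" "$DEST/home/"

# Optional: Copy mail directories
rsync -a "$SRC/var/spool/mail/" "$DEST/var/spool/mail/"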

After migration, verify the transfer with these commands:

# Check user accounts
getent passwd | wc -l
getent group | wc -l

# Verify password hashes
sudo grep '^root:' /etc/shadow

# Test file ownership
ls -ln /home

Common issues to watch for during migration:

  • UID/GID conflicts with existing system users
  • Password hash algorithm differences between systems
  • SELinux context mismatches on RedHat-based systems
  • Missing home directory quotas
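
The UID/GID conflicts listed above can be detected before any account file is overwritten. The script below is an added example, not part of the original article: it compares regular accounts from a copy of the source passwd file against the target's and reports collisions. The function names, the `UID_MIN`/`UID_MAX` values and the sample files are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: find UID/name collisions before merging source accounts
# into the target system. UID_MIN/UID_MAX are assumed defaults; check
# /etc/login.defs on the real systems.
UID_MIN=1000
UID_MAX=60000

# Print passwd entries for regular (non-system) accounts in file $1.
regular_users() {
  awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '$3 >= min && $3 <= max' "$1"
}

# Compare regular users from source passwd $1 with all accounts in target
# passwd $2. Prints "<kind>:<src name>:<src uid>:<target name or uid>".
find_conflicts() {
  regular_users "$1" | awk -F: '
    NR == FNR { uid_of[$1] = $3; name_of[$3] = $1; next }  # target file first
    ($3 in name_of) && name_of[$3] != $1 { print "uid-taken:" $1 ":" $3 ":" name_of[$3] }
    ($1 in uid_of) && uid_of[$1] != $3 { print "name-differs:" $1 ":" $3 ":" uid_of[$1] }
  ' "$2" -
}

# Constructed sample data (not real accounts).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/src_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
EOF
cat > "$demo_dir/dst_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000::/home/ubuntu:/bin/bash
bob:x:1005:1005::/home/bob:/bin/bash
EOF

# Report every collision found in the sample files.
find_conflicts "$demo_dir/src_passwd" "$demo_dir/dst_passwd"
```

Any line of output means files owned by that source UID would end up belonging to a different account on the target, so resolve it before copying /etc/passwd or the home directories.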

For larger deployments, consider LDAP integration:

# Install LDAP tools
sudo apt-get install libnss-ldap libpam-ldap ldap-utils

# Then set these entries in /etc/nsswitch.conf
passwd:         files ldap
group:          files ldap
shadow:         files ldap

When moving Linux users to new hardware, these are the critical files that maintain user/group information:

/etc/passwd       # User account information
/etc/shadow       # Hashed passwords
/etc/group        # Group definitions
/etc/gshadow      # Group passwords

To maintain file permissions and ownership, you'll need to ensure UID/GID consistency. First dump current permissions:

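# Backup ownership info as "uid:gid mode path" (numeric IDs, octal mode),
# skipping virtual filesystems whose entries cannot be restored
find / \( -path /proc -o -path /sys -o -path /dev -o -path /run \) -prune \
  -o -printf "%U:%G %m %p\n" > /tmp/ownership_backup.txt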

After migration, you can restore permissions with:

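# Restore numeric ownership and mode for each recorded path
while IFS=' ' read -r ugid perm path; do
  # Skip paths that do not exist on the new system
  [ -e "$path" ] || [ -L "$path" ] || continue
  # -h changes a symlink itself rather than the file it points to
  chown -h "$ugid" "$path"
  # chmod follows symlinks, so apply the mode to non-symlinks only
  [ -L "$path" ] || chmod "$perm" "$path"
done < /tmp/ownership_backup.txt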

For Ubuntu 12.04, use rsync to copy authentication files:

rsync -avz /etc/passwd user@newserver:/etc/
rsync -avz /etc/shadow user@newserver:/etc/
rsync -avz /etc/group user@newserver:/etc/
rsync -avz /etc/gshadow user@newserver:/etc/

Alternatively, for a complete user environment migration:

# Copy home directories
rsync -avz /home/ user@newserver:/home/

# Copy mail spool if applicable
rsync -avz /var/spool/mail/ user@newserver:/var/spool/mail/

After migration, verify consistency with these commands:

# Check user mappings
getent passwd | wc -l
getent group | wc -l

# Verify password hashes
sudo grep '^root:' /etc/shadow | cut -d: -f2

For systems using LDAP or other authentication methods:

# Check authentication configs
cat /etc/nsswitch.conf
cat /etc/pam.d/system-auth   # RedHat-based; on Debian/Ubuntu see /etc/pam.d/common-auth

When dealing with service accounts:

# List system accounts with no login
getent passwd | grep -v '/bin/bash' | grep -v '/bin/sh'