31

I am migrating over a server to new hardware. A part of the system will be rebuild. What files and directories are needed to copy so that usernames, passwords, groups, file ownership and file permissions stay in intact?

Ubuntu 12.04 LTS.

Mikko Ohtamaa
  • 1,364
  • 3
  • 17
  • 28

3 Answers3

46

Start with

/etc/passwd - user account information less the encrypted passwords 
/etc/shadow - contains encrypted passwords 
/etc/group - user group information 
/etc/gshadow - - group encrypted passwords

Be sure to ensure that the permissions on the files are correct too

user9517
  • 114,104
  • 20
  • 206
  • 289
  • 6
    +1 from me. I wondered about `/home` as well; generally, ssh keys live in the home directories, so `~/.ssh` at least can be considered part of the authentication infrastructure. – MadHatter Mar 20 '14 at 08:33
  • 2
    @MadHatter: In truth I kind of assumed that the OP would know that they needed to copy the user home directories but I guess you never know here on SF :) – user9517 Mar 20 '14 at 08:37
  • 2
    Don't worry, the author knows. – Mikko Ohtamaa Mar 20 '14 at 08:53
  • Excellent, good to have these things spelled out (sorry, Iain)! – MadHatter Mar 20 '14 at 08:55
  • 2
    Although the above will work, you should realy copy over gshadow too. – symcbean Mar 20 '14 at 09:45
  • @symcbean: Ohh cheers - forget that one. – user9517 Mar 20 '14 at 09:49
  • 7
    An important point: this assumes a server with file-based authentication only. To migrate a server that uses e.g. LDAP or NIS these files will not be enough, *especially* if the authentication server is on the same system. Other subsystems (e.g. Samba, SQL) may also have their own authentication databases. – thkala Mar 20 '14 at 16:55
  • 2
    Take care to maintain system accounts that are on the target server that may have not been on the original. Not all distros were created equal. – blee Mar 23 '14 at 02:17
  • Now with more flesh on the bones http://opensourcehacker.com/2014/03/26/linux-server-ghetto-duplication/ – Mikko Ohtamaa Mar 26 '14 at 20:10
14

I did this with Gentoo Linux already and copied:

  • /etc/passwd
  • /etc/shadow
  • /etc/group
  • /etc/gshadow

that's it.

If the files on the other machine have different owner IDs, you might change them to the ones on /etc/group and /etc/passwd and then you have the effective permissions restored.

vanthome
  • 690
  • 5
  • 13
12

Be careful that you don't delete or renumber system accounts when copying over the files mentioned in the other answers. System services don't usually have fixed user ids, and if you've installed the packages in a different order to the original machine (which is very likely if it was long-lived), then they'll end up in a different order. I tend to copy those files to somewhere like /root/saved-from-old-system and hand-edit them in order to just copy the non-system accounts. (There's probably a tool for this, but I don't tend to copy systems like this often enough to warrant investigating one.)

Paul Gear
  • 3,938
  • 15
  • 36