Migrating users/groups from one server to another
WARNING: These migration commands are completely untested by me...just jotting down these research notes for future testing.
Commands to run on old server
Copy accounts to passwd.mig using awk to filter out system accounts (i.e. only copy user accounts)
Code:
awk -v LIMIT=1000 -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd > /tmp/passwd.mig
Copy groups to group.mig
Code:
awk -v LIMIT=1000 -F: '($3>=LIMIT) && ($3!=65534)' /etc/group > /tmp/group.mig
Copy shadow to shadow.mig
Code:
awk -v LIMIT=1000 -F: '($3>=LIMIT) && ($3!=65534) {print $1}' /etc/passwd | tee - |egrep -f - /etc/shadow > /tmp/shadow.mig
Copy gshadow to gshadow.mig (rarely used):
Code:
cp /etc/gshadow /tmp/gshadow.mig
Backup the home directories.
Code:
tar -zcvpf /tmp/home.tar.gz /home
If you have Samba users...
Code:
cp /etc/samba/smb.conf /tmp/smb.mig
cp /etc/samba/smbusers /tmp/smbusers.mig
cp /etc/samba/smbpasswd /tmp/smbpasswd.mig
Transfer the migration files to new server.
Code:
scp /tmp/*.mig administrator@newserver:/tmp/.
scp /tmp/home.tar.gz administrator@newserver:/tmp/.
Commands to run on new server
Backup current files (and their backups).
Code:
mkdir /root/save
cp /etc/passwd /etc/passwd- /etc/shadow /etc/shadow- /etc/group /etc/group- /etc/gshadow /etc/gshadow- /root/save
If you have Samba users, backup your current files.
Code:
cp /etc/samba/smb.conf /etc/samba/smbusers /etc/samba/smbpasswd /root/save
Merge/Overwrite files.
Code:
cat /tmp/passwd.mig >> /etc/passwd
cat /tmp/group.mig >> /etc/group
cat /tmp/shadow.mig >> /etc/shadow
cp /tmp/gshadow.mig /etc/gshadow
Ensure file ownership and permissions are correct.
Code:
chown root:shadow /etc/shadow /etc/gshadow
chmod 640 /etc/shadow /etc/gshadow
chown root:root /etc/passwd /etc/group
chmod 644 /etc/passwd /etc/group
If you have Samba users...
Code:
cp /tmp/smb.mig /etc/samba/smb.conf
cp /tmp/smbusers.mig /etc/samba/smbusers
cp /tmp/smbpasswd.mig /etc/samba/smbpasswd
Extract home directories.
Code:
cd /
tar -zxvf /tmp/home.tar.gz
Reboot system for new user accounts to take effect.
Replacing a server with a new one
If you want to keep SSH keys and the fingerprint from changing when swapping out an old server for a new one (e.g. old FTPS server to new FTPS), these are the steps needed to keep the system looking the same. (I think...but will know when I upgrade my FTPS server)
The old server name and the new server name must batch. Example: srv-ftps
Make sure the sshd configuration files on both servers are pointing to the same files (filenames and paths)
Code:
vi /etc/ssh/sshd_config
Look for section like this:
Code:
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
If there are differences, figure out if they matter and if so, make sure the transferred files on the new server are being referenced correctly in the config file on the new server.
Commands to run on old server
Transfer files to new server
Code:
scp /etc/ssh/ssh_host* administrator@newserver:/tmp/.
Commands to run on new server
Backup existing files
Code:
mkdir /root/ssh-backup
cp /etc/ssh/ssh_host* /root/ssh-backup/.
Set correct file ownership and permissions
Code:
chown root:root /tmp/ssh_host*
chmod 600 /tmp/ssh_host*
chmod 644 /tmp/ssh_host*.pub
Move and overwrite files to correct location
Code:
mv /tmp/ssh_host* /etc/ssh/.
Restart SSH daemon
Code:
service ssh restart
You will also want to copy over individual user's public keys in their ~/.ssh/authorized_keys but if you transferred the contents of the /home folder, this was already done.
Bookmarks