LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-16-2013, 01:53 PM   #1
smilemukul
Member
 
Registered: Jun 2009
Distribution: Redhat,CentOS,Ubuntu,Puppet
Posts: 292

Rep: Reputation: 34
How to automate existing users & groups to other server


I wanted to migrate existing multiple users & groups with same uid & gid from one server to other server.

Can anyone suggest how this can be done through a script.
 
Old 11-16-2013, 07:49 PM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,470

Rep: Reputation: Disabled
It all depends on how your users and groups are stored.

Legacy Unix/Linux systems use simple text files as user and group databases:
  • /etc/passwd contains the user database
  • /etc/shadow contains password hashes for the users in /etc/passwd
  • /etc/group contains all groups
  • /etc/gshadow contains group password hashes
If you just want to copy all user accounts and groups from one system to another, you can simply copy the files. This will of course overwrite the files on the destination system, and any locally defined users/groups will effectively be deleted. Also, the destination system will inherit all UIDs from the source system, which may not be what you want, especially if you're using different distributions (some common system accounts have distribution-specific UIDs).

Keeping user accounts in sync across systems is a really old problem in Unix, and there are several solutions:
  • NIS (originally yp - Yellow Pages) and NIS+ (Solaris only, I believe) are a set of daemons that copy user and group accounts between systems
  • Hesiod is a system that places account information and password hashes in DNS records (not recommended for security reasons)
  • Kerberos uses a centralized user/password database
  • various directory services can be used with LDAP authentication
If you want to keep accounts in sync across many systems, use a directory service. The Linux authentication subsystem can be configured to use LDAP via PAM modules. The most common products are OpenLDAP and Active Directory (yes, really). The latter does not require Windows servers if you use Samba.
 
1 members found this post helpful.
Old 11-17-2013, 12:12 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,412

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
Good answer above....
As mentioned watch out for overlapping accts on the old vs new system. Also, some versions of Linux start non-priv accts at uid 500, some start at 1000.
Do you really just want the accts OR also all the users' files as well?
 
Old 11-18-2013, 10:50 AM   #4
smilemukul
Member
 
Registered: Jun 2009
Distribution: Redhat,CentOS,Ubuntu,Puppet
Posts: 292

Original Poster
Rep: Reputation: 34
We dont have any directory services configured, I am only considering /etc/passwd & /etc/groups & also dont want to copy the whole file to other server.

Can we achieve the same through a simple bash script.
 
Old 11-18-2013, 11:07 AM   #5
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,470

Rep: Reputation: Disabled
Quote:
Originally Posted by smilemukul View Post
We dont have any directory services configured, I am only considering /etc/passwd & /etc/groups & also dont want to copy the whole file to other server.

Can we achieve the same through a simple bash script.
No, because the script would be nothing you could call "simple":
  • How should it parse the files?
  • How should it transfer information between servers?
  • How would it keep track of which servers to include in the synchronization scheme?
  • How should it insert information into the files? What should it do if a file happens to be in use?
  • How would it be able to tell user accounts and system accounts apart?
  • What should it do if an account exists on A but not B? Copy from A to B, or delete on A?
  • What should it do if an account exists on A and B, but the password differs? Which password should it keep?
Etc etc etc. To do this properly, you'd basically have to reinvent NIS and/or a directory service.

Do yourself a favour, and just use NIS or OpenLDAP or Samba. You'll save time and end up with something that's both usable and maintainable.
 
Old 12-20-2013, 12:34 PM   #6
smilemukul
Member
 
Registered: Jun 2009
Distribution: Redhat,CentOS,Ubuntu,Puppet
Posts: 292

Original Poster
Rep: Reputation: 34
yes its possible with simple bash script as I had placed the new users & groups in separate files with same format as /etc/passwd & /etc/group files & used the for loop which worked.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] samba : how to synchronize AD users & groups with Samba users &groups zelycorn Red Hat 5 05-12-2011 10:15 AM
users & groups in server configuration fillman Linux - Server 1 11-13-2009 08:42 AM
Creating Users Into Existing Groups carlosinfl Linux - Server 4 02-07-2007 04:53 PM
users & groups evilDOTnet Fedora 2 06-03-2005 06:17 PM
Groups & Users Obie Linux - Security 3 08-16-2004 05:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 06:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration