LinuxQuestions.org


hua 04-14-2011 05:35 PM

passwd and shadow - manual modifications
 
Hi

I have several servers with different users and I need to group them into a single server. So I need to add old users from external servers to the passwd and shadow files.

There are several things I am not sure about.

Is it possible to edit the passwd and the shadow file at runtime? For example, I could copy the shadow and passwd files from /etc/... to a temporary directory (passwd.back, shadow.back). There I delete the unneeded users and add the new ones from the external servers with cat shadow_old >> shadow.back. (Here shadow_old contains only the needed users from the other server; the system and other users are deleted from it.) This way I get a shadow.back with new users inserted into it from another shadow file (same for passwd). The root and the system users stay the same.

Can I just copy this manually formatted shadow and passwd file from the temporary directory to the running server's /etc/shadow and /etc/passwd files?

Code:

NEWSERVER ORIGINAL:
/etc/passwd

root:x: ...
bin:x: ...
daemon:x: ...
...
user1:x: ...
user2:x: ...

cp /etc/passwd /temp/passwd.back

*********************************************

OLDSERVER:
cp /etc/passwd /temp/passwd_old

(remove every sys user, leave only users within a certain UID range)

user3:x: ...
user4:x: ...

cat /temp/passwd_old >> /temp/passwd.back
cp /temp/passwd.back /etc/passwd

(SAME FOR SHADOW)

I take care of the UIDs and home directories, of course. (I mean there will be no users with the same UID.)

Will this work?

One more question - are there any illegal characters which cannot be used in the /etc/passwd file?
Just curious, because Webmin allows you to put any type of character into shadow. I noticed that when the local admins started to put strange characters in the full names of users, there appeared, for example, the semicolon ';'. (Local country special characters like š, ľ, č, é ...) When I saw this I started thinking about what would happen if one of these guys put the ':' character into this section.

Thanks for your help.

zordrak 04-14-2011 06:56 PM

Your questions twist up a little.. but here's the skinny.

You can manually modify either as much as you like and the changes will be immediate.

What you propose - to manually merge the users from different servers - will work perfectly as long as each user ends up with a unique UID. When making your modifications, because it's not just a simple change, you should keep a backup of the original so you have something to revert to if necessary.

Once you've modified passwd to suit your needs, putting all the users as they should be etc., run "pwconv". This will update shadow with the new users without breaking the password hashes of the old users. Then just copy the password hashes for each user from the other server's shadow file, replacing the "x" in each case. As soon as you write the file the changes will be made.

One thing you may not know about is the tool "vipw". It's basically an editor but specifically for passwd files, helping you to not make critical mistakes. Read "man vipw". "vipw" opens your passwd file with your editor. "vipw -s" opens shadow.

hua 04-14-2011 07:40 PM

Quote:

Originally Posted by zordrak (Post 4325020)
Your questions twist up a little.. but here's the skinny.

Sorry I was woken up in the middle of my sleep (server error) and I'm a bit exhausted.
Thanks for your answer.
Quote:

Once you've modified passwd to suit your needs, putting all the users as they should be etc., run "pwconv". This will update shadow with the new users without breaking the password hashes of the old users. Then just copy the password hashes for each user from the other server's shadow file, replacing the "x" in each case. As soon as you write the file the changes will be made.
I think that I was missing exactly this. (Breaking the password hashes)

catkin 04-14-2011 11:51 PM

This command will sort a passwd format file by uid (the number) making it easier to find any duplicates that merging may have introduced:
Code:

sort --field-separator=':' --general-numeric-sort --key=3 /etc/passwd.merged > /etc/passwd.merged.sorted
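
The duplicate-UID check from the post above, as an added example that is not part of the original thread: it goes a step further than sorting and also flags duplicate logins and lines that do not have exactly 7 fields, which is what a ':' typed into the full-name field produces. The function names and the sample file contents are constructed for illustration; the check only reads the file it is given.

```sh
#!/bin/sh
# check_passwd_merge FILE
# Prints one line per problem found in a passwd-format file and returns
# non-zero if any problem was found. Read-only: it never writes to FILE.
check_passwd_merge() {
    awk -F: '
        # passwd(5) entries have exactly 7 colon-separated fields; a ":"
        # inside the full-name (GECOS) field shows up as an extra field.
        NF != 7 {
            printf "line %d: %d fields instead of 7: %s\n", NR, NF, $0
            bad++; next
        }
        $3 !~ /^[0-9]+$/ {
            printf "line %d: non-numeric UID \"%s\" for %s\n", NR, $3, $1
            bad++; next
        }
        ($1 in name_line) {
            printf "line %d: duplicate login %s (first seen on line %d)\n", NR, $1, name_line[$1]
            bad++
        }
        ($3 in uid_owner) {
            printf "line %d: duplicate UID %s (%s and %s)\n", NR, $3, uid_owner[$3], $1
            bad++
        }
        {
            # Remember the first owner of each login and UID.
            if (!($1 in name_line)) name_line[$1] = NR
            if (!($3 in uid_owner)) uid_owner[$3] = $1
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample of a merged file: user3 reuses UID 1000 and the
# full name of user4 contains a ":".
write_sample_merge() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
user1:x:1000:1000:User One:/home/user1:/bin/bash
user3:x:1000:1001:User Three:/home/user3:/bin/bash
user4:x:1002:1002:Sales: North:/home/user4:/bin/bash
EOF
}
```

Run it against the merged copy in the temporary directory before copying anything over /etc/passwd, for example `check_passwd_merge /temp/passwd.back`.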

hua 04-17-2011 03:30 AM

Thanks for your answers.
Now I completed the passwd and shadow merging successfully. I use the useful tools vipw and vigr for modifications.
The pwck showed me several errors in the passwd and shadow files which helped me to solve some problems. Great.
Finally the pwconv worked with no problem.


All times are GMT -5.