LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-14-2011, 06:35 PM   #1
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 14.2, current
Posts: 463

Rep: Reputation: 79
passwd and shadow - manual modifications


Hi

I have several servers with different users and I need to group them into a single server. So I need to add old users from external servers to a passwd and shadow files.

There are several things in which I am not sure how it works.

It is possible to edit the passwd and the shadow file in runtime? So that I can for example copy the shadow and passwd file from /etc/... to a temporary directory (passwd.back shadow.back). Here I delete the unneeded users and add the new from the external servers with - cat shadow_old >> shadow.back. (here the shadow_old contains only the needed users from the other server, the system and other users are deleted from it) This way I get a shadow.back with new users inserted into it from another shadow file (same for passwd). The root and the system users stays the same.

Can I this manually formatted shadow and passwd file just copy from the temporary directory to the running servers /etc/shadow and /etc/passwd file?

Code:
NEWSERVER ORIGINAL:
/etc/passwd

root:x: ...
bin:x: ...
deamon:x: ...
...
user1:x: ...
user2:x: ...

cp /etc/passwd /temp/passwd.back

*********************************************

OLDSERVER:
cp /etc/passwd /temp/passwd_old

(remove every sys user, leave only users within a certain UID range)

user3:x: ...
user4:x: ...

cat /temp/passwd_old >> /temp/passwd.back
cp /temp/passwd.back /etc/passwd

(SAME FOR SHADOW)
I take care about the UIDs and home-directories of course. (I mean there will be no users with same UID)

Will this work?

One more question - are there any illegal characters which cannot be used in /etc/passwd file???
Just curious because the webmin allows you to put into a shadow any type of character. I noticed that when the local admins started to put strange characters in the full names of users there appeared for example the semicolon ';'. (local cauntry special characters like - š,ľ,č.é ...) When I saw this I started to thinking about what would happen if some of this guys put into this section the ':' character.

Thanks for your help.

Last edited by hua; 04-14-2011 at 07:59 PM.
 
Old 04-14-2011, 07:56 PM   #2
zordrak
Member
 
Registered: Feb 2008
Distribution: Slackware
Posts: 595

Rep: Reputation: 116Reputation: 116
Your questions twist up a little.. but here's the skinny.

You can manually modify either as much as you like and the changes will be immediate.

What you propose - to manually merge the users from different servers - will work perfectly as long as each user ends up with a unique UID. When making your modifications, because it's not just a simple change, you should keep a backup of the original so you have something to revert to if necessary.

Once you've modified passwd to suit your needs, putting all the users as they should be etc. run "pwconv". This will update shadow with the new users without breaking the password hashes of the old users. Then just copy the password hashes for each user from the other servers shadow file replacing the "x" in each case. As soon as you write the file the changes will be made.

One thing you may not know about is the tool "vipw". It's basically an editor but specifically for passwd files, helping you to not make critical mistakes. Read "man vipw". "vipw" opens your passwd file with your editor. "vipw -s" opens shadow.
 
1 members found this post helpful.
Old 04-14-2011, 08:40 PM   #3
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 14.2, current
Posts: 463

Original Poster
Rep: Reputation: 79
Quote:
Originally Posted by zordrak View Post
Your questions twist up a little.. but here's the skinny.
Sorry I was woken up in the middle of my sleep (server error) and I'm a bit exhausted.
Thanks for your answer.
Quote:
Once you've modified passwd to suit your needs, putting all the users as they should be etc. run "pwconv". This will update shadow with the new users without breaking the password hashes of the old users. Then just copy the password hashes for each user from the other servers shadow file replacing the "x" in each case. As soon as you write the file the changes will be made.
I think that I was missing exactly this. (Breaking the password hashes)

Last edited by hua; 04-15-2011 at 09:57 AM.
 
Old 04-15-2011, 12:51 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,578
Blog Entries: 31

Rep: Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208Reputation: 1208
This command will sort a passwd format file by uid (the number) making it easier to find any duplicates that merging may have introduced:
Code:
sort --field-separator=':' --general-numeric-sort --key=3 /etc/passwd.merged > /etc/passwd.merged.sorted
 
1 members found this post helpful.
Old 04-17-2011, 04:30 AM   #5
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 14.2, current
Posts: 463

Original Poster
Rep: Reputation: 79
Thanks for your answers.
Now I completed the passwd and shadow merging successfully. I use the useful tools vipw and vigr for modifications.
The pwck showed me several errors in the passwd and shadow files which helped me to solve some problems. Great.
Finally the pwconv worked with no problem.

Last edited by hua; 04-17-2011 at 04:33 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
shadow and passwd idlehands Linux - Security 2 07-28-2010 04:04 PM
user autentication error because of manual modification in passwd / shadow nirmalsethy Linux - Newbie 1 11-20-2008 11:45 AM
passwd shadow problem rblampain Linux - Distributions 2 10-04-2005 01:00 AM
It is ok if i unshadow the /etc/passwd and /etc/shadow Paxmaster Linux - Software 1 01-12-2005 11:07 PM
/etc/passwd or /etc/shadow? tiger7007 Linux - Security 2 03-21-2004 05:41 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration