[SOLVED] Setting Passwords from /etc/shadow file

devUnix · 04-04-2017, 06:29 AM

Hi,

We have upgraded a RHEL 6 server to RHEL 7 and we do have backup of configs / system files. Now the customer wants to create users found in the old /etc/passwd from RHEL 6 but does not want us to touch /etc/shadow or /etc/passwd manually. The customer wants that user accounts that are not currently present in the current /etc/passwd file be created using "useradd" command (for example) and the related password from the /etc/shadow be taken instead of directly copying the user account's info from the old /etc/shadow file to the new /etc/shadow file.

I am currently doing my homework on Google but have not found a solution yet.

So, how do we use /etc/shadow for setting password for a new user account that used to exist earlier (in the old /etc/passwd and /etc/shadow) so that we can keep the same old password when creating the user account now since the new /etc/passwd and /etc/shadow files do not have the user account's entries?

Please let me know if my query is not clear.

In other words:

I have old /etc/passwd and /etc/shadow files.

The new /etc/passwd and /etc/shadow files do have entry for user account "Jack".

Now I create the user account "Jack" using:

useradd Jack

and need to use the same password according to the old /etc/shadow file.

I am wondering as to how to do that.

devUnix · 04-04-2017, 06:38 AM

I have answered the question myself, however, I will keep this post open for sometime if there is another way to do it.

My Solution / Finding:

By reading the help section of "useradd" command I got to know about -p or --password option that does the work I want to do:

useradd Max -p `grep Jack /etc/shadow | cut -d ":" -f2`

Now I can login as Max using the same password as set for Jack in the /etc/shadow file.

Habitual · 04-04-2017, 06:50 AM

Good stuff. I'm keeping it.

r3sistance · 04-04-2017, 07:54 AM

The customer is right to want to do this an alternative way as it is a bad idea to copy /etc/passwd and /etc/shadow from RHEL 6 to RHEL 7 as there is a very big change between them to consider. In RHEL 6, anything up to uid 500 is reserved for system accounts whereas in RHEL 7, anything up to uid 1000 is reserved for system accounts. While you can change/reconfigure it, it isn't advisable.

Given uids for normal users start at 500 in RHEL 6... the moment you copy those over to RHEL 7, you are inviting yourself to have some "fun" issues.

sundialsvcs · 04-04-2017, 07:46 PM

The only change that I'd suggest to the above "trick" is ... that you deliberately break it down into a series of smaller steps.

For instance, "first run that grep/cut sequence to create a file ... containing the proposed(!) set of changes."[/i] Then, open the sucker up and carefully eyeball it. Then, perhaps, use xargs to execute the actual commands.

The customer's reasoning, and your general solution, is quite sound. Although you might, with rootly powers, compare two lists (one of them being the "shadow" file) ... n-e-v-e-r

attempt to modify such files directly.