Best way to maintain user files and permissions through a new installation?

Lufbery · 08-04-2009, 01:56 PM

Hi all,

Every now and then, Pat and the Slackware team release a new version of my favorite OS.

I started with Slackware version 11, so I'm a relative newbie, but I've been through the change from one version to the next three times now, and each of those has been on two computers.

I've made the update both ways: as a clean installation of the new version and an upgrade. The upgrades generally go very smoothly with my users' data and setting seamlessly moving into the next version. Even non-Slackware packages I'd created generally ran well without having to be recompiled.

The clean installation gives a cleaner system (duh), but I've had trouble migrating users and data with that method. So here's my question:

If do a clean installation, but set the /home directory to the partition that currently holds /home, can I then copy over the new /etc/group, shadow, and passwd files with the old ones to maintain my users' data and passwords?

Thanks,

-Drew

onebuck · 08-04-2009, 03:26 PM

Hi,

The 'UPGRADE.TXT', 'CHANGES_AND_HINTS.TXT' on the new release will provide you with the information to upgrade. Moving your configuration files '/etc' should not present a problem.

Be careful moving 'XORG' stuff as you may have some problems. Those you may have too hand edit, configure or even just setup the system. The same with configurations for '~/home' for your DE for users. You may need to hand edit for those or just not copy and let the environment setup.

rworkman · 08-04-2009, 03:28 PM

You've got the right idea. Keeping /home on a separate partition makes the rest of the process pretty much braindead easy :-) I generally do this:

Code:

tar czf /home/sysconfig.tar.gz /etc /var/named /var/lib/wicd

Then after doing the new installation, you can do this:

Code:

tar xf /home/sysconfig.tar.gz -C /root

Then something like this will copy over the old user entries to the new /etc/passwd and friends:

Code:

#!/bin/sh
# run as root, of course
# completely untested and done from memory - this might not have a chance of
# working without some edits, but the proposed idea should be clear
cd $HOME
for dir in /home/* ; do 
  if [ -d $dir ]; then
    # Add exclusions here
    case $dir in
      ftp)
        break ;;
    esac
    _USER=$(echo $dir | cut -d/ -f3)
    grep ^${_USER}\: etc/passwd >> /etc/passwd
    grep ^${_USER}\: etc/shadow >> /etc/shadow
  fi
done
# Note that this does not copy custom groups over; that's left
# as an exercise for the reader
# Also note that I would break this up into functions if I were
# actually going to use it: getting the list of directories would
# be a separate function, the exclusions-check would be a function,
# and so on, in such a way that the end result would just be this:
#!/bin/sh
# (function declarations here)
# get_dirs
# exclude_dirs
# write_file

Lufbery · 08-04-2009, 07:36 PM

Thanks guys!

Robby, I'm still learning my way around bash scripting, but I think I've got the general idea of your script. I've been doing those steps manually.

Thanks again,

-Drew

rworkman · 08-05-2009, 02:22 AM

Okay, I have issues - I really shouldn't let myself kill time doing this sort of thing, but oh well. It passes the most basic "Works For Me" testing. YMMV. If it wipes your machine, causes your psoriasis to flare up, and/or buttrapes your dog, don't say I didn't warn you. ;-)

Code:

#!/bin/sh

# Copyright 2009 Robby Workman <rworkman@slackware.com>, Northport, AL, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# This is written mostly as an academic exercise for *me* - if it actually
# proves to be useful, that's great; if not, oh well.  Suggestions for 
# improvement are welcome, but I make no promises about continuing to 
# maintain this script, even if the suggestions are wonderful.
# Because this is an academic exercise, and because I hope it can be a
# learning tool for others, I'm going to include lots of comments that 
# I might otherwise omit.

# Some directories in $HOMEDIR might need to be excluded:  if a directory
# does not match an existing user (e.g. SBo repo at /home/SBo) or the
# existing user is already present in the passwd file (e.g. ftp user)
# You don't need to edit the line below - simply pass as many values as
# you wish (space separated) to DIR_EXCLUDES when invoking this script
# As an example:  DIR_EXCLUDES="SBo slackware" ./TODO.sh
DIR_EXCLUDES+=ftp

# Set some important locations
HOMEDIR=${HOMEDIR:-/home}       # some systems may use /users
BACKUPDIR=${BACKUPDIR:-/root}   # toplevel location of the backup etc/ tree

# This script expects /root/etc/{passwd,shadow} by default, but that's easy
# enough to change by passing the PASSWD_BAK and/or SHADOW_BAK values 
PASSWD_BAK=${PASSWD_BAK:-"${BACKUPDIR}/etc/passwd"}
SHADOW_BAK=${SHADOW_BAK:-"${BACKUPDIR}/etc/shadow"}

# If everything finishes successfully, then these will catch the output
PASSWD_ADD=${PASSWD_ADD:-/etc/passwd.additions}
SHADOW_ADD=${SHADOW_ADD:-/etc/shadow.additions}

# Ideally, nothing below this line needs to be edited
###############################################################################

set -eu

# Declare some temporary files
TEMP_USERS=$(mktemp)    # temporary user list
T_PASSWD=$(mktemp)      # passwd file additions
T_SHADOW=$(mktemp)      # shadow file additions

# If the script exits, trap that and clean up our temporary files
trap "do_cleanup ; exit 0" EXIT;
trap "do_cleanup ; exit 1" SIGINT SIGTERM;

# Here's our cleanup function
do_cleanup() {
  rm -f ${T_PASSWD} ${T_SHADOW} ${TEMP_USERS}
}

# If no user account matches a directory entry, say something...
error_nouser() {
  printf "\n\tWARNING: No \"$1\" user account is present in the
        ${SHADOW_BAK} file -- ignoring ${HOMEDIR}/$1 \n\n"
}
# Make sure the temporary files are securely used
make_vars_secure() {
  chown root:root ${TEMP_USERS} ${T_PASSWD} ${T_SHADOW}
  chmod 0644 ${TEMP_USERS} ${T_PASSWD} ${T_SHADOW}
}

# This function will grab the list of user accounts
get_users() {
  for dir in ${HOMEDIR}/* ; do
    printf "$(basename ${dir})\n" >> ${TEMP_USERS} ;
  done
}

# This function will prune the excluded dirs from the user list
prune_users() {
  for exclude in ${DIR_EXCLUDES} ; do
    sed -i "/^${exclude}$/d" ${TEMP_USERS} ;
  done
}

# This function will grab the passwd info for each user and concatenate it
# (sorted by uid) into a temporary file
get_passwd_info() {
  local UNSORTED_PASSWD=$(mktemp)
  for username in $(cat ${TEMP_USERS}) ; do
    if grep -q "^${username}:" ${PASSWD_BAK} ; then
      grep "^${username}:" ${PASSWD_BAK} >> ${UNSORTED_PASSWD}
    else
      error_nouser ${username}
    fi
  done
  sort -t: -k3 < ${UNSORTED_PASSWD} > ${T_PASSWD}
  rm -f ${UNSORTED_PASSWD}
}

# This shouldn't need the error checking in it, so here's hoping...
get_shadow_info() {
  # We'll use the sorted user list in T_PASSWD so that the shadow file
  # will be in the same order as the passwd file
  for username in $(cut -d: -f1 < ${T_PASSWD}); do
      grep "^${username}:" ${SHADOW_BAK} >> ${T_SHADOW}
  done
}

# Finally, this function will write out the contents of the temp files
# into more permanent files
write_additions() {
  cp -a ${T_PASSWD} ${PASSWD_ADD}
  cp -a ${T_SHADOW} ${SHADOW_ADD}
  printf "\n\tReview the contents of ${PASSWD_ADD} and ${SHADOW_ADD},
        and if they are what you expected, then you can simply append
        them to the existing /etc/passwd and /etc/shadow files.\n\n"
}

make_vars_secure
get_users
prune_users
get_passwd_info
get_shadow_info
write_additions

Lufbery · 08-05-2009, 07:06 AM

Robby,

You're a saint among men. Thank you very much. The comments help immensely.

One more quick question: is this best run from the /root directory?

Thanks,

rworkman · 08-05-2009, 03:39 PM

If I wrote it correctly, it shouldn't matter what $(pwd) is. :-)