103 comment

  1. Hi

    I followed your instuction on CentOS 4.4. When I reboot I lost my root user and gdm din’t start.
    I could login from all user but not root.
    Can you help to give me some advices please?


  2. Great! The following line is probably a typo as I’m assuming you mean to back this up with a copy, otherwise you nuke the password files (probably what happened to nixcraft)

    # mv /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

    # cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

  3. There is an error in the article. In the step where you back up the passwd, group, shadow, and gshadow files from the new system to the newuser.bak directory, use the cp command, not mv.

    In other words, the article should read:

    “Commands to type on new Linux system

    First, make a backup of current users and passwords:
    # mkdir /root/newsusers.bak
    # cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak”

  4. Your instructions worked perfectly when migrating accounts from Redhat 4ES to another Redhat 4ES. I added a couple of steps to move all the aliases and aliase folders to the new server. Thanks

  5. It may sound complicated, however, I am much more happy to do this with Linux than with Mickey$oft O/S’s, in fact, I am much more happy to do ANYTHING with Linux over Windoze!

  6. If you had used LDAP for user accounts, then you wouldn’t have needed to migrate user accounts ….

    Also, you could skip the whole tar aspect by just using rsync, e.g. rsync -e ssh -avtP /home/ newserver:/home

  7. Thanks for the howto. This is really close to what I have been looking for. In my particular situation LDAP and NIS do not fit as well as your howto does. Also thanks for the comments of everyone, as they are helpful.

  8. you might wanne consider runing sshfs on your new server, then u can login to the old (if sshd is running) and simply copy the requierd data true fx. mc, and get all the file rights w you…
    its fast is simpel, and you only need to have secure shell intstalled on the old box`s to make it work… (and most boxses have… ;)

    just a littet advice for the data moving part.

  9. I have a problem, for starters, it look lie I was kind of doing the right thing myself but this blog really helps, thanks. Anyway everything works fine untill I get to the bit where I am extraction all the users data from the home.tar.gz. (kind of important bit) and it fails with text flying up the screen saying “Cannot change ownership to uid 511, gid 511” and “Cannot mkdir: Permission denied” and ” Cannot open: Permission denied”

    obviously I do not have permissions :o(

    I am loged in as root and the home directory of the new server has these permissions:

    drwxrwxrwx 12 root root 0 Feb 8 19:28 home

    I’m not sure how it is possible to obtaim more permissions than that. I have tried with other privilages on the home directory and it still does it.

    PLease can someone help me

    Many thanks

  10. Hi!

    I tried your howto, and everything went along great until i rebooted and tried to log on with the users i just copied over. root works fine. The passwords are not accepted, and i cannot change them with passwd. “passwd: Authentication token manipulation error”. Im using fedora core 6.

    Please help

    1. What did you do to fix the issue ? I rebooted and when I am logging into other user account , it does nothing and comes back to login screen.My root login works fine.

      Please help asap! Thanks :)

  11. hi i am new user in linux i am getting every answer from ur site.you are providing great solution on every problem its being great to refer your site thanks for every thing

  12. Hi,
    I have a small query my new system already has couple of user accounts now I want to transfer the user accounts from the old system I have checked both the systems there is no conflicts in UID,GID so shall I go ahead with it.


  13. Hi,
    The things worked beautifully for me.
    Thanks to the author.One more thing cant I script the steps that are done by the command awk?


  14. I was able to migrate the home folders and accounts from RedHad Linx to Fedora but it seems that I cannot log in with the migrated accounts although I am able to see them under USERS. Am I missing anything? Please help.

  15. I am very much thankful that I got migration solution of user. How to transfer printer settings of each user from one m/c to another? we have localy connected the printers to thin clients.

  16. Thank you so much. This is beautiful. I’m trying to upgrade to a new physical box, different distro, switch to ldap, and from Samba 2 to Samba 3. All this without messing up the working server. I’ve messed up the new box several times, and your migration page is very helpful in avoiding mistakes during this stage. BTW, I used rsync instead of tar for the home directories.

  17. now i am using centos 3 in a dell server now in that server i am running sendmail squid and iptables ftp now i want to migrate the server in to new dell server running in centos 5

    please any one help me on this issue

  18. hi
    everyone i have question im a newbie admin can anyone give me advise or help me if how can i backup my old linux email server III to new one or migrate to cent mail..tnx what are the important files to back up for linux suse email server III?

  19. hii,
    i followed the procedure above, after all steps. USers password is not getting accepted, what could have went wrong ?

    Eliena Andrews

  20. I cut and pasted the commands into an SSH terminal & checked the passwd.mig and shodow.mig to find they were empty!
    I double checked the lines and they were correct (values ect.)
    Plus I end up with a file called “-” which I’m guessing comes from the “/etc/shadow” line “tee -” (typo maybe?)
    Id really like to get this working as it would be quite helpful with my project. My Level is slightly above newbie Admin.


  21. First of all i just wanna say thank you guys! This is my first time to get into the linux world! ….

    I follow the instruction regarding how to’s .. then after rebooting my new centos5 box error message appears:

    “The user database cannot be read. The problem is most likely caused by a mismatch between /etc/passwd and /etc/shadow or /etc/group and /etc/shadow. The program will exit now.”

    I follow the instructions twice and i got same message error. I dont know how to fix this one. Please help me…


  22. this how to works great :) But now Im stuck i need to migrate from Redhat to Debian the UGIDLIMIT are different on this distros? any advice ?

  23. Great instructions easy to follow!!! Worked like a charm!! Thanks for making this available – I
    have it bookmarked for when I do this again!

  24. RE: Augusto need to migrate from Redhat to Debian the UGIDLIMIT are different on this distros
    this advice would be useful for me too. Is it possible to adjust the /etc/passwd and /etc/group files?

  25. Thanks, This was very useful.
    I needed to move a couple of system accounts

    so did this:
    awk -F: '($1 ~ /(tomcat|apache)/)' /etc/passwd > /root/move/passwd.mig
    awk -v LIMIT=$UGIDLIMIT -F: '($3>=LIMIT) && ($3!=65534)' /etc/passwd >> /root/move/passwd.mig

    and then couldn’t figure out what the tee gave me and I was moving a set of users not based on UID so did this:
    awk -F: '{print $1}' /root/move/passwd.mig |egrep -f - /etc/shadow > /root/move/shadow.mig


  26. Also – a couple of commands to check out if you are having problems with “User database cannot be read” error: pwconv, grpconv and pwck. Works like a charm – now… :)

  27. OK, I followed instructions… got stuck with users not being able to log in. If instructions were not correct, how do I fix it now?

  28. Excellent! I followed the instructions and did a fresh install of openSuse 11.0 on to 10.3. I have my old /home on a separate partition and didn’t mount it during install because Suse wants an initial user which would have overwritten my original first user (UsId=1000). I installed, logged in as root, deleted the initial user, changed the mount of /home to point to my old /home partition, did the transfer of backed up passwd files etcetera, rebooted and bingo!

    My only worry was, when it came to generating the initial user during install, I had a choice of encryption algorithms for the password. Obviously if I’d chosen the wrong one I’d be stuck (though I could probably log in as root and reset the users’ passwords).

    So my question is: is it possible to tell what encryption algorithm was used for password storage before starting?

    Thanks again for the info.


  29. I am wanting to mirror users/groups to from one Ubuntu server to another. I see that Ubuntu starts off with a user with UID 1000 (created with the name you give it in setup), I guess I should not try to migrate this user since it already exists on the destination machine i.e. I should set UGIDLIMIT=1001?

    What if one re-runs this action later to update the mirror? Do users gets duplicated cos surely one gets multiple entries for same user in /etc/passwd?

  30. My $0.02: For those who are concerned about UID’s and GID’s…

    …you can change UID’s and GID’s on the old system before migration using:

    groupmod -g (newgid) groupname
    usermod -g (newgid) username OR usermod -G (newgid) username
    (‘g’ changes the initial group or ‘G’ to add an additional group membership)

    Make a backup of the old files first and then change the group GID then change any appropriate users attached to those groups if necessary. Test to make sure all is well. You can do this preemptively if you are going to from a system that starts custom groups at 500 to one that starts custom groups at 1000 or if you don’t want any UID/GID conflicts with your target system. Be the superuser and it would also be prudent to make the changes while none of the users are attached.

    Feel free to pick this post apart.

  31. Your FAQ fails to copy over ‘/etc/passwd-‘ as well

    in the command:
    cp /etc/passwd /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

    should be:

    cp /etc/passwd /etc/passwd- /etc/shadow /etc/group /etc/gshadow /root/newsusers.bak

  32. Great instructions, worked well for me
    BTW, if I had 2 linux servers, do you think it would be possible to merge the accounts into one of the 2 ?

  33. I was getting a “-” file created in /root/move when trying to get the shadow.mig, but I’m not now, and I’m not sure what I did!

    If anyone does get the “-” file, add some spaces around the “tee” command and try again… That’s what I did and it went away!

  34. Thanks for a great guide.
    I have small problem with it.

    From some reason the tar commands don’t work under Red Hat Linux.
    it did not manage to tar or untar the files.

    Do you know how to skip existing files?
    I tried -k flag but no success ;/

  35. Everything worked great. All my users & machines show up in User Manager.

    However I cannot logon as a user, only root. It says wrong password.

  36. In Ubuntu, I had a problem following these instructions. When the screensaver was locked, you couldn’t unlock the screen without going to “Switch User” and then put in the password there. In addition, half of the time your gdm session would immediately crash and you’d have to log in from scratch again.

    The problem was that the “shadow” user wasn’t able to read the /etc/shadow and /etc/gshadow files. The /etc/shadow and the /etc/gshadow files need to be chown’d to root:shadow, and chmod’d to 640 like this:

    # chown root:shadow /etc/shadow
    # chown root:shadow /etc/gshadow
    # chmod 640 /etc/shadow /etc/gshadow

  37. I created account successfully, can login but login take time and gives error:
    /usr/bin/xauth: timeout in locking authority file /home/testuser/.Xauthority

    Any help?

  38. This worked perfect for me migrating users from an old FC3 box to a new Ubuntu 10.04 LTS one. I did run into a problem when I tried to do it a second time. The instructions as they are will result in duplicate entries in the /etc/passwd file. If you want to do this more than once, the *.mig files will need some manual massaging before catting into the destination passwd file. (This may go without saying for most of you, but for me it wasn’t something I thought of ahead of time). I was able to clean it up, but it was a pain.

  39. For the /etc/shadow file, better use following to prevent ambiguous match, say a local account named db will also match system account dbus
    # awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534) {print $1}’ /etc/passwd | sed -r -e ‘s/(.*)/^\1:/’ | egrep -f – /etc/shadow > /root/move/shadow.mig

  40. It worked perfect from FC 11 to FC 15. Btw, may I add the fact that the host keys must be imported/ecported also. Reason: it is possible to have some users which are using their accounts (SFTP) with the help of an automaitc SFTP client. IN order to keep everything transparent for them, the host keys of the machine must be imported/exported (etc/ssh).
    Maybe is better to test it and include it in this tutorial. Btw, the a lot for doing this.

    Have a nice weekend.


  41. I am migrating accounts between an RHEL 5 server and RHEL 6 server and noticed that etc/gshadow file entries for even the same group are listed differently between the two servers. For example: ntp:!:: on rhel 6 and ntp:x:: on rhel 5. Your wonderful article shows that the gshadow file is copied in its entirely (as is) from the old server to the new server. This means that the entries on the new server will be completely replaced. Would it be better to append entries from the original gshadow that don’t exist on the new server instead of replacing it with the entire file from the old server? Thanks in advance.

  42. Gracias por su procedimiento:
    Solo una pequeña sugerencia / pregunta:
    No sería mejor en lugar de:

    Copia el archivo / etc / gshadow (rara vez utilizada):
    # cp /etc/gshadow /root/move/gshadow.mig

    Usar el mismo procedimiento que para shadow?:
    awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534) {print $1}’ /etc/group | tee – |egrep -f – /etc/gshadow > gshadow.mig

    y ya en el nuevo servidor, en lugar de:
    # /bin/cp gshadow.mig /etc/gshadow

    hacer lo mismo que con los otros archivos:
    # cat gshadow.mig >> /etc/gshadow

    Un saludo afectuoso..

  43. Francisco: (My Spanish is good enough to understand you, but not enough to answer…)
    Your script grabs every user name above UGIDLIMIT and then grabs every matching line from gshadow.
    1. If a user matches the UGID, and is in a group that already exists on the new machine, e.g., adm, disk, lp, man, dialout, lpadmin,… then you get two entries for those groups in the new gshadow.
    2. There is a small (but non-zero) chance that a user’s name is a substring of a group that doesn’t match UGID, then you would get false positives: roo, kern, hal, ack, kit, and other 3-letter initials that some users might (perhaps unwisely) use. The grep should check for lines with words that match exactly the usernames.

  44. I keep getting permission denied when i attempt to create the shadow.mig ???

    I added my user to the root group but no difference

    -rw-r—– 1 root shadow 982 2012-04-19 13:28 shadow are my permission group has read

  45. Wow, you know you’ve got a great tutorial when it’s copied verbatim by a bunch of others who don’t give one bit of credit to the original.

    I have found this on at least 5 other sites with only ONE giving credit to Vivek and cyberciti.biz.

  46. Is there a reason you use !=65534 instead of =LIMIT) && ($3=LIMIT) && ($3<=UPRLIMIT)'

    Seems like without <= , your awk would pick up values above 65534 (or 29999 for some systems)
    of course, there *shouldn't* be a user 65535 so it should work fine as you've specified. (my systems seem to all have nfsnobody at 65534)

    Maybe my shell scripting is a little rusty, but I think the "export" is unnecessary here, unless you want to put the migration commands in a shell script and run it in a subshell. With export there, any other subshells you run (until you log out) will also see that export. (Don't ask me how I know that…ouch)

  47. I followed your instructions to migrate from redhat kernel 2.4 to centos 6 and for the most part, they worked great. The only problem I am experiencing is when I go into the user manager I get the error “I couldnt find the numerical IDs of these groups:” and it lists about 10 groups. (ident, mailnull, netdump, news, nscd, pcap, piranha, pvm, rpm, squid, xfs) I didnt see these groups in /etc/group or /etc/gshadow and I am not sure that any of the corresponding programs are loaded on the new machine. Any help on this would be greatly appreciated. Thanks!

  48. ahhhhhh…. I answered my own question after re-reading my last post. All of the programs I listed had GIDs lower than 500. I edited the the /etc/group file (vigr) and inserted the missing values. All is well now. Thanks for the awesome post.

  49. Unfortunately this tutorial doesn’t working when I tried migrate user with mailboxes from Fedora do CentOS, because when I start postfix + dovecot a lot of error with permissions denied occured in maillog and email klients could not connect :(

  50. Hi
    A very simple and effective approach, which I followed. Then, to copy all directories in /home directory, I used next command as root:
    rsync -avz /home/
    Where /home/ refers to the source machine, and is the IP address of the destination one. All file permissions and ownerships were preserved. Also please make sure you include all slashes shown.
    rsync must be installed in both the source and the destination boxes. Both machines are servers which run Debian Squeeze.

  51. the shadow part does not work for me either:

    $ sudo awk -v LIMIT=500 -F: ‘($3>=LIMIT) && ($3!=65534) {print $1}’ /etc/passwd | tee – |egrep -f – /etc/shadow > /home/vain/shadow.mig
    egrep: /etc/shadow: Permission denied

    and I just end up with an empty shadow.mig file.

    I’m using Ubuntu Sever and wanting to switch to Debian Squeeze. currently there is no root user, though I obviously have sudo.

    1. If you’re using sudo you have to put a ‘sudo’ in front of the ‘tee’ command and the ‘egrep’ commands. Or simply run it as root.

  52. When I do the import into the new system, mysql stops working

    I’m migrating from Debian 6 to Debian 7

    The problem is that it eliminates the socket

  53. I have followed the instruction to migrate users from “CentOS” to “Power RHEL6.4(ppc)” ,
    for me its not working, when i tried to reset password its through “token manipulation error” .
    I have restored old backup file , but same error .
    Can anyone help me on this and i need steps to take single user mode on Power Linux .

  54. I followed your instruction step by step to move users from RHEL5.5 to another RHEL5.5. No errors encountered. However, when I try to reboot, the server was not coming up…what could be wrong?

  55. I just tried this for one of my use cases. Good info. works well.

    One thing would like to bring to notice which just happened in my case. In my case there are few users who are getting sudo access using wheel group definition in /etc/sudoers file. and since few users in new box are not part of wheel user ( as we have exclude any gid below 500 ), the users didn’t get Sudo access. for now as a workaround I am collecting all user’s group information and putting it in a file and later in new machine I use a loop to compare if the user has all the group mentioned in the file. If not than I make the user part of that group.

    Bit of extra work. any simpler solution?

  56. Hi,
    Followed your instructions but one problem at login. The prompt I’m getting is ” I have no [email protected]_Server”. Any ideas what is wrong?

  57. Linux can easily run on lower-class coerutmps (so it will run on a 6GB Hard drive, with pentuim 2) Yes, most distros. of it are free, I reccomend Ubuntu, where it is optional to download, because you can order free CDs. And yes, it is very user friendly, the only thing not user friendly is installing stuff, which can be a pain.

  58. I copied and pasted this command and nothing happened. I don’t have a passwd.mig file in the move directory.
    # awk -v LIMIT=$UGIDLIMIT -F: ‘($3>=LIMIT) && ($3!=65534)’ /etc/passwd > /root/move/passwd.mig

    Any suggestions?

  59. really good info. I should delete the existing users and groups before first to make the migration work properly. also i have used pwck and grpck to check the errors in user database

  60. Thanks Guys
    Am new to Linux, but I was able to migrated successfully from fedora to centos7, but I can’t login to any of the accounts. except the old root account. when I try to login with squirrel mail it gives this —
    ERROR: Connection dropped by IMAP server.

    Also trying to login from terminal it gives this—
    bash: /home/user/.bashrc: Permission denied

    Please Guys, how do i go over it and have my logins work?


  61. Wrong use of egrep:
    if one has real users zzftp and rooter, system accounts root and ftp will be included in shadow file. Try something like print “^”$1″:” in awk

  62. this worked for me, thanks

    but, now i want to migrate to new server without carrying user data in /home/user. the migration must create the /home/user folder though. i also want to create /var/spool/mail/use but without the emails

    thank you

  63. If I too late for this thread? Everything smoothly except for one thing. I can login every account I transferred except in samba sharing on windows “access denied”. Anyone have an idea what happen?

Leave a Comment