[lug] Migrating users

[bgiles at coyotesong.com]

> On Thursday 22 February 2007 12:43, bgiles at coyotesong.com wrote:
>> > On 2/22/07, Paul Nowosielski <paul at celebrityaccess.com> wrote:
>> >> Dear All,
>> >>
>> >> I'm in the middle of migrating our WWW/FTP server to a new box.
>> >> I have many ftp users that grab data feeds from our server.
>> >> I'm wondering if I can just copy /etc/shadow and /etc/passwd files to
>> >> the new
>> >> server or will I have to actually add the users manually.
>> >
>> > I have successfully done that in the past.
>>
>> Not so fast, it depends on what apps you're running and how they're set
>> up.  If it's basic Apache authentication of static content then you just
>> need the .htpasswd files in the document tree.  If your webapp is more
>> sophisticated you'll need to do more work -- anything from copying some
>> extra files to installing and configuring a full database.
>>
>> FTP, on the other hand.... let's just say that there's a bullet-pocked
>> wall for any sysadmin who still uses system accounts for FTP access.
>> Again you'll need to do research to discover how authentication is
>> handled
>> and copy over those files.
>>
>> So the first step is figuring out exactly what you have.  Which webapps,
>> which ftp server....
>>
> Dear All ,
>
> Thanks for the insight. It really helped ;)
>
>
> Best,
> --
> Paul Nowosielski
> Webmaster
>

P.S., you might need to copy /etc/group as well.  You should definitely
make sure the low numbers are the same -- some are well-known but some
daemons may have different uids depending upon the order they're installed
and it may not be obvious that it's because apache, postgres and mail all
swapped their user ids.

The point remains on ftp using system accounts.  You should have a
different authentication method even if the users all have system accounts
as well.  They may still be stupid and use the same password for system
(which uses ssh) and FTP, but at least you've made the effort.