Re: passwd file and user accounts

2007-07-08 Thread Andy Harrison


On 7/7/07, Lisa Casey wrote:

> I suppose I cannot simply copy /etc/passwd, /etc/group and /home from the
> Redhat computer to the FreeBSD computer due to the password hash in
> /etc/passwd. Am I correct on this?  Would it be possible to copy /etc/passwd
> then (before the new system goes live) reset all the passwords with the
> passwd command? That might be easier than adding in close to 700 accounts
> using adduser.  Does anyone have a better idea of how I might go about
> doing this?


The other answers to your question are more informative, but I just
thought I'd point out the chpass command.  I no longer have access to
the script I wrote before, but it wasn't difficult.  I just wrote a
little script that read the passwd and shadow files, ignored the
system accounts, and then constructed a valid line for the
master.passwd file, then just fed it to the system with chpass -a
$new_entry

--
Andy Harrison
public key: 0x67518262
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: passwd file and user accounts

2007-07-08 Thread Dan Casey
I didn't have as many accounts so I didn't even bother migrating them.
I add all my new accounts using pw rather than adduser.  It is much
easier to script with this than adduser.  My first approach would be the
following:
1. Add one account to FreeBSD.
2. Using chsh or vipw, copy the Red Hat password hash into the account,
and see if the password works as is.  If I remember correctly I think
they do.
3. See if you have any accounts on your FreeBSD with a user or group
higher than 500.
4. Write a quick script to create the new user accounts. Make sure you
installed shells/bash. Should be simple enough using awk or cut. I would
keep the existing values from the Linux passwd/shadow files, just make
them properly formatted for BSD. Keeping the old uid numbers where
possible is much less labor intensive than giving the users a new uid.
pw will let you script this easily too if you do not want to manually
edit the password files. If you create new uids you will have to do a
find across the entire system and chown chgrp all your files for 700 users.

If you do choose to manually edit the password files, make sure to
back up and rebuild the hash properly with pwd_mkdb.



Lisa Casey wrote:
> Hi,
>
> This is probably a stupid question, but I'll ask it anyway...
>
> I have a Red Hat Linux system I need to get rid of. It is currently
> doing e-mail for approximately 700 users and is also doing radius
> authentication. I have set up a new FreeBSD computer to take its
> place. I have everything set up now on the FreeBSD computer except for
> the user accounts and mailboxes. The mailboxes aren't a problem, I've
> used tar to move mailboxes before.
>
> I suppose I cannot simply copy /etc/passwd, /etc/group and /home from
> the Redhat computer to the FreeBSD computer due to the password hash
> in /etc/passwd. Am I correct on this?  Would it be possible to copy
> /etc/passwd then (before the new system goes live) reset all the
> passwords with the passwd command? That might be easier than adding in
> close to 700 accounts using adduser.  Does anyone have a better idea
> of how I might go about doing this?
>
> Thanks,
>
> Lisa Casey





passwd file and user accounts

2007-07-07 Thread Lisa Casey

Hi,

This is probably a stupid question, but I'll ask it anyway...

I have a Red Hat Linux system I need to get rid of. It is currently doing
e-mail for approximately 700 users and is also doing radius authentication.
I have set up a new FreeBSD computer to take its place. I have everything
set up now on the FreeBSD computer except for the user accounts and
mailboxes. The mailboxes aren't a problem, I've used tar to move mailboxes
before.


I suppose I cannot simply copy /etc/passwd, /etc/group and /home from the
Redhat computer to the FreeBSD computer due to the password hash in
/etc/passwd. Am I correct on this?  Would it be possible to copy /etc/passwd
then (before the new system goes live) reset all the passwords with the
passwd command? That might be easier than adding in close to 700 accounts
using adduser.  Does anyone have a better idea of how I might go about
doing this?


Thanks,

Lisa Casey





Re: passwd file and user accounts

2007-07-07 Thread Eduardo Viruena Silva

On Sat, 7 Jul 2007, Lisa Casey wrote:

> Hi,
>
> This is probably a stupid question, but I'll ask it anyway...
>
> I have a Red Hat Linux system I need to get rid of. It is currently doing
> e-mail for approximately 700 users and is also doing radius authentication. I
> have set up a new FreeBSD computer to take its place. I have everything set up
> now on the FreeBSD computer except for the user accounts and mailboxes. The
> mailboxes aren't a problem, I've used tar to move mailboxes before.
>
> I suppose I cannot simply copy /etc/passwd, /etc/group and /home from the
> Redhat computer to the FreeBSD computer due to the password hash in
> /etc/passwd. Am I correct on this?  Would it be possible to copy /etc/passwd
> then (before the new system goes live) reset all the passwords with the
> passwd command? That might be easier than adding in close to 700 accounts
> using adduser.  Does anyone have a better idea of how I might go about doing
> this?


Yes, you are right, you cannot simply copy the password files.

FreeBSD and RedHat password files have different formats,
and they also have different User IDs for the system users.

Your real problem is to merge RedHat's /etc/passwd and /etc/shadow
in order to create your /etc/master.passwd in FreeBSD and then
you have to create your hash db from this file.

In RedHat for instance, you have:

/etc/passwd:  daemon:x:2:2:daemon:/sbin:/sbin/nologin
/etc/shadow:  daemon:*:11688:0:9:7:::

Meaning:
/etc/passwd:  UserName:x:UserID:GroupID:RealName:HomeDir:Shell
/etc/shadow:  UserName:CryptedPassword:...

In FreeBSD's master.passwd, you have:

daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin

UserName:CryptedPassword:UserId:GroupId:UserName:LogClass:0:0:RealName:HomeDir:Shell

As you can see, daemon has different UIDs.

I believe RedHat also uses MD5 for coding passwords but I do not know it
for sure.  So, take ONLY the entries of YOUR USERS and merge them in the
FreeBSD's format and leave the list in a file.

Once you have done this, use 'vipw' to edit your master.passwd, include
your file of your users, and save it.  This program will create your hash
table and will update the password files.

Good luck.

  Eduardo





> Thanks,
>
> Lisa Casey
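
The merge this thread describes (read passwd and shadow, skip the system accounts, emit master.passwd lines), as an added example that is not part of any post. It uses the ten-field layout of master.passwd(5), as in the daemon sample line above; the function name merge_accounts, the MIN_UID variable, the shell map and the handling of empty or missing hashes are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. MIN_UID, the shell map and the
# handling of empty or missing hashes are assumptions of this sketch.

# merge_accounts PASSWD SHADOW
# Prints one master.passwd line per user account:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
merge_accounts() {
    awk -F: -v OFS=: -v min_uid="${MIN_UID:-500}" -v shadow="$2" '
        # Pass 1 (shadow): remember the hash in column 2 for each user.
        FILENAME == shadow { hash[$1] = $2; next }
        # Pass 2 (passwd): drop Red Hat system accounts and nobody.
        $3 + 0 < min_uid + 0 || $1 == "nobody" { next }
        {
            pw = ($1 in hash) ? hash[$1] : ""
            if (pw ~ /^!/) {
                # "!!" or "!<hash>" marks a locked account on Red Hat.
                sub(/^!+/, "", pw)
                pw = "*LOCKED*" pw
            } else if (pw == "") {
                # Do not carry over a passwordless login; "*" matches nothing.
                pw = "*"
            }
            sh = $7
            if (sh == "/bin/false" || sh == "/sbin/nologin")
                sh = "/usr/sbin/nologin"
            else if (sh == "/bin/bash" || sh == "/bin/zsh")
                sub(/^\/bin\//, "/usr/local/bin/", sh)
            # UIDs below 1000 collide with the FreeBSD system range: flag them.
            if ($3 + 0 < 1000)
                print "renumber: " $1 " uid " $3 > "/dev/stderr"
            print $1, pw, $3, $4, "", 0, 0, $5, $6, sh
        }
    ' "$2" "$1"
}

# Demo on constructed sample data (the hash is a made-up placeholder).
demo_dir=$(mktemp -d)
printf '%s\n' 'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
    'alice:x:500:500:Alice Example:/home/alice:/bin/bash' \
    'bob:x:1001:1001:Bob Example:/home/bob:/bin/false' > "$demo_dir/passwd"
printf '%s\n' 'daemon:*:11688:0:99999:7:::' \
    'alice:$1$constructed$placeholderhash:13000:0:99999:7:::' \
    'bob:!!:13000:0:99999:7:::' > "$demo_dir/shadow"
merge_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

Review the output before loading it, then add the lines with vipw or feed them one at a time to chpass -a, as the posts in this thread describe. Accounts reported on stderr as "renumber" still need a new UID and a chown of their files.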




Re: passwd file and user accounts

2007-07-07 Thread Matthew Seaman

Lisa Casey wrote:
> Hi,
>
> This is probably a stupid question, but I'll ask it anyway...
>
> I have a Red Hat Linux system I need to get rid of. It is currently
> doing e-mail for approximately 700 users and is also doing radius
> authentication. I have set up a new FreeBSD computer to take its place.
> I have everything set up now on the FreeBSD computer except for the user
> accounts and mailboxes. The mailboxes aren't a problem, I've used tar to
> move mailboxes before.
>
> I suppose I cannot simply copy /etc/passwd, /etc/group and /home from
> the Redhat computer to the FreeBSD computer due to the password hash in
> /etc/passwd. Am I correct on this?  Would it be possible to copy
> /etc/passwd then (before the new system goes live) reset all the
> passwords with the passwd command? That might be easier than adding in
> close to 700 accounts using adduser.  Does anyone have a better idea of
> how I might go about doing this?

Not a stupid question at all, and you are quite right: you can't
just copy /etc/passwd and /etc/group from the Redhat box.  /home
you can, pretty much, but see below about the necessity to renumber
some accounts, and also be aware that if any of your users have
locally installed Linux executables or scripts that claim to be run
by /bin/sh when they really need /usr/local/bin/bash then they will
have problems.

You're going to run into a number of problems shifting your user
accounts over:

   i) System level accounts.  On FreeBSD these are all the accounts
with UID or GID below 1000, plus the 'nobody' account.  See
/usr/src/etc/master.passwd and /usr/src/etc/group for the list of
what is required by the base system, and see /usr/ports/{UIDs,GIDs}
for the numbers reserved by the ports system.  On Redhat, the
boundary between system and user accounts is UID 500.

Thus to port your passwd and group database from Redhat to FreeBSD
you will need to discard the UIDs and GIDs below 500, substituting
the equivalent stuff from the default master.passwd and group files.
Also you will almost certainly have to renumber accounts where the
UID/GID is between 500 and 1000.  That means running chown(1) on the
files owned by those accounts.  A find command like the following
is often useful:

find /home -user ${olduid} -print0 | xargs -0 chown -h ${newuid}

  ii) Password hashes.  On Redhat there are two parallel files
/etc/passwd and /etc/shadow.  It's /etc/shadow which contains the
password hashes.  On FreeBSD the /etc/passwd file is generated from
/etc/master.passwd by stripping out certain of the columns and
replacing the password hashes from column 2 with asterisks. The
master.passwd(5) man page has all the details.  You can just cut and
paste the password hashes from column 2 of /etc/shadow into column 2
of /etc/master.passwd.  See crypt(3) for more information.

If your Redhat system is fairly old and still uses the traditional
style DES password hashes you can copy them just the same and they
will still work in FreeBSD, but you should force your users to
update their passwords when they next log in.  DES password hashes
are almost trivially crackable nowadays.  You can force a password
update for an account by setting the 7th column of
/etc/master.passwd to the current Unix time (ie. the output of
'date +%s')

The other columns of /etc/shadow are all about when passwords were
last changed and when they will expire. Those columns have
equivalents in FreeBSD's master.passwd but the data formats are
different and you can't just copy from one to the other.  However,
unless you specifically use password ageing you can probably just
ignore those fields.

Note that a password hash of '!!' is special on Redhat.  It means
'account is locked and cannot be logged into' (including by means
that do not involve passwords at all, like SSH key based
authentication.)  The equivalent under FreeBSD is *LOCKED*.  It's
also quite common for Linux to use /bin/false to mean 'no
interactive shell' -- which also works under FreeBSD, but there it
is more usual to use /usr/sbin/nologin

 iii) Shells -- these are almost always found in /bin under Redhat,
whereas under FreeBSD some (sh, csh, tcsh) are in /bin but bash, zsh
etc. or any other shell installed from ports, will be found in
/usr/local/bin.

Remember that on FreeBSD you never edit /etc/passwd directly.
Instead, edit /etc/master.passwd and then run pwd_mkdb to generate
/etc/passwd from /etc/master.passwd and rebuild the pwd.db hashed
lookup files. Using vipw(8) will automate that for you, and lock the
password file correctly against several people all trying to update
it at once, which would usually result in a corrupted password file.
You can also use 'mergemaster -p' to ensure you have all the
necessary system level accounts in place: something that is rather
important as the system won't boot up entirely successfully without.

See also pw(8) and adduser(8) for a couple of programmatic
interfaces  for dealing with