Thursday, June 15, 2017

Migrating user accounts from older Linux to RHEL7 / CentOS7

Another pointless change just to break backwards compatibility - RHEL7 and CentOS7 prevent users with uid lower than 1000 from logging in. This is bad when you're migrating accounts from existing Linux server where uids start at 500.

Number of configuration files under /etc/pam.d enforce this limit. Editing them by hand works until next time authconfig is executed and then default setting is back.

Fix this by editing /etc/login.defs and change UID_MIN and GID_MIN from default 1000 to 500.
Then run "authconfig --update"

Before:
/etc/pam.d/password-auth:auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
/etc/pam.d/password-auth:account     sufficient    pam_succeed_if.so uid < 1000 quiet

After:
/etc/pam.d/password-auth:auth        requisite     pam_succeed_if.so uid >= 500 quiet_success
/etc/pam.d/password-auth:account     sufficient    pam_succeed_if.so uid < 500 quiet


I used following commands to migrate user logins with passwords. Rest is easy - just rsync home directories across the network or do NFS mount.

awk -F: '{if ($3 >= 500 && $3 < 1000) { print } }' passwd.gramps >>/etc/passwd
awk -F: '{if ($3 >= 500 && $3 < 1000) { print } }' group.gramps >>/etc/group
awk -F: '{if ($3 >= 500 && $3 < 1000) { print $1 } }' passwd.gramps | egrep -f - shadow.gramps >>/etc/shadow

And grant sudo access by adding to my login to wheel group.

usermod -aG wheel asiantuntijakaveri

No comments:

Post a Comment

Got something to say?!