Restoring passwd and shadow files

Nifty Hat Mitch mitch48 at sbcglobal.net
Fri Aug 20 19:18:58 UTC 2004


On Wed, Aug 18, 2004 at 05:52:16PM -0700, Tsutomu wrote:
> On Wed, 18 Aug 2004 20:49:04 -0400, Kevin Old <kevinold at gmail.com> wrote:
> > On Wed, 18 Aug 2004 21:45:03 -0300, Patrick Boutilier
> > <boutilpj at ednet.ns.ca> wrote:
> > > You don't need the files that end with ~ and the .lock files. Also you
> > > should copy /etc/group
> > 
> > Thanks Patrick.  Is a reboot required?  I plan on logging into one
> > server as root, copying the files over and then logging in as one of
> > the users from the old server to see if it works...that sound like the
> > way to do it?
> > 
... top posting now at bottom ..

> reboot should not be required.

True.  However we did not do a comparison of the passwd and group
files to be sure.  Perhaps I missed it....

We should have done something like this:
      ls -lZ /etc/passwd /etc/group	  
      diff /etc/passwd /etc/passwd.new
      diff /etc/group  /etc/group.new
      # inspect the result of diff and make sure we are OK.
      # iff OK continue... now save the old
      cp /etc/passwd /etc/passwd.old
      cp /etc/group  /etc/group.old
      # now install the new.
      cat /etc/passwd.new > /etc/passwd   # Used > to preserve permissions..
      cat /etc/group.new > /etc/group
      ls -lZ /etc/passwd /etc/group       # double check permissions etc.
      # now we have both old and new to cross check with current.

Now we might be able to do:
      diff /etc/passwd /etc/passwd.old
      diff /etc/group  /etc/group.old

There is a chance that a daemon process pseudo user has a different
UID/GID.  Example: all the files that 'squid' might own.

Watch for problems in /var/log/* now and after a reboot.  If you saved
the old passwd and group files check to see that only 'common' user
accounts are added (UID and GID less than 499).  Others are OK
if you understand them and they do not conflict with bits on disk.

One of the first things that Fedora wants is the creation of a
normal user account.  Make sure that that user matches UID/GID in the
new passwd files.  Commonly this is the user with UID and GID =
500:500.

See things like /etc/security/group.conf where a system admin might
find a need to create groups like: floppy, games, sound, etc.
If these groups changed numbers some strange things might happen 
until things get tidy via a reboot cycle or more.


-- 
	T o m  M i t c h e l l 
	Just say no to 74LS73 in 2004
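
An added example, not part of the original message: one way to script the old-versus-new comparison described above, so that a daemon account whose UID/GID moved (the 'squid' case) is reported by name together with a find command for files still owned by the old number. The function names, the sample accounts and their numeric IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Compares two passwd- or
# group-format files and reports numeric ID changes per account/group name.

# id_drift OLD NEW KIND      (KIND is "passwd" or "group")
#   passwd: name:pw:uid:gid:...   compares "uid:gid"
#   group:  name:pw:gid:members   compares "gid"
id_drift() {
    awk -F: -v kind="$3" '
        function ids() { return (kind == "group") ? $3 : ($3 ":" $4) }
        NF < 3 || /^#/      { next }                  # skip blanks and comments
        FILENAME == ARGV[1] { old[$1] = ids(); next } # first file: remember old IDs
        !($1 in old)        { print "ADDED", $1, ids(); next }
        old[$1] != ids()    { print "CHANGED", $1, old[$1], "->", ids() }
    ' "$1" "$2"
}

# stale_owner_cmds: reads passwd drift on stdin; for each CHANGED account it
# prints (does not run) a find command listing files still owned by the old UID.
stale_owner_cmds() {
    awk '$1 == "CHANGED" { split($3, o, ":")
                           print "find / -xdev -uid " o[1] " -ls  # " $2 }'
}

# Constructed sample data: squid's UID/GID moved, the floppy group was
# renumbered, and one ordinary user was added.
write_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'squid:x:23:23::/var/spool/squid:/sbin/nologin' > "$1/passwd.old"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'squid:x:38:38::/var/spool/squid:/sbin/nologin' \
        'alice:x:500:500::/home/alice:/bin/bash' > "$1/passwd.new"
    printf '%s\n' 'root:x:0:' 'floppy:x:19:' > "$1/group.old"
    printf '%s\n' 'root:x:0:' 'floppy:x:25:alice' > "$1/group.new"
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    id_drift "$d/passwd.old" "$d/passwd.new" passwd
    id_drift "$d/group.old" "$d/group.new" group
    id_drift "$d/passwd.old" "$d/passwd.new" passwd | stale_owner_cmds
    rm -rf "$d"
}
demo
```

On a real system, point id_drift at /etc/passwd.old and /etc/passwd (and the group pair) after the copy, and review each printed find command before running it.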




