Is there an easy way to copy user information to a different AIX box?

[redwings]

I am wondering how difficult it would be to copy the user names, passwords and security from one server AIX box to another. Is this possible to do on a live system?

 

[bi]

I've done it by copying the following files from the established system to the new system:

/etc/group, /etc/passwd, /etc/security/group, etc/security/passwd, /etc/security/limits, /etc/environment, /etc/profile/ /etc/security/evniron, /etc/security/login.cfg, /etc/security/user, /etc/security/user.roles.

This has worked for me. One thing to not forget is to set up all the home directories that are specified in the /etc/passwd file. Also, if you have a non-default shell (like bash) in the login.cfg file, be sure to put that into place as well.

 

[redwings]

I would also need to copy over the home directories, is that correct?

 

[bi]

Yes. The easiest way to do it, probably, would be to back up /home on the first system and restore it on the second. Then all the directories and their contents would be put in place, with all the correct ownerships and permissions.

 

[aixqueen]

http://techsupport.services.ibm.com...mode=9&documents=390605209114752&database=aix

Files that can be copied over

/etc/security/group
/etc/security/limits - AIX Versions 4.2 and 4.3 manually merge this file
/etc/security/passwd
/etc/security/.ids
/etc/security/environ
/etc/security/.profile
/etc/group
/etc/passwd

NOTE: Edit the passwd file so the root entry is as follows:

root:!:0:0::/:/usr/bin/ksh

NOTE: In AIX Version 3.2, the initial program was /bin/ksh. You could install the bos.compat.links fileset.

When you copy the /etc/passwd and /etc/group files, make sure they contain at least a minimum set of essential
user and group definitions.

Listed specifically as users are the following:

root
daemon
bin
sys
adm
uucp
guest
nobody
lpd

Listed specifically as groups are the following:

system
staff
bin
sys
adm
uucp
mail
security
cron
printq
audit
ecs
nobody
usr

These users and groups are documented in Appendix D of the AIX Version 4.3 Installation Guide.

If the bos.compat.links fileset is installed, you can copy the /etc/security/mkuser.defaults file over. If it is not
installed, the file belongs in the /usr/lib/security directory. The /etc/security entry is a symbolic link to
/usr/lib/security.

If you copy over mkuser.defaults, changes must be made to the stanzas. Replace group with pgrp, and
program with shell. A proper stanza should look like the following:

user:
pgrp = staff
groups = staff
shell = /usr/bin/ksh
home = /home/$USER

The following files are different at AIX Version 4.x and CANNOT be copied over:

/etc/security/login.cfg
/etc/security/user

NOTE: Manually edit these files on the AIX Version 4.x system.

In the new /etc/security/user file, you may want to copy the individual user stanzas from the 3.2.5 user file and
modify the default stanza to have the same values. Edit the default stanza to contain the pw_restrictions entries
formerly found in login.cfg (3.2.5).

In AIX 3.2 the password restrictions are applied universally. In AIX 4.x they can be applied individually. You may
want to reevaluate which stanzas to modify. This is optional. You can also decide whether or not to implement any
of the new features presented in the user file.

Once the files are moved over, execute the following:

usrck -t ALL
pwdck -t ALL
grpck -t ALL

This will clear up any discrepancies (such as uucp not having an entry in /etc/security/passwd). Ideally this should
be run on the 3.2.5 system before copying over the files as well as after porting these files to 4.x.



Migrating from AIX version 4.1 to 4.2 and 4.3

All of the files described in the preceding discussion can be copied directly, except the /etc/security/limits file.
This now includes both soft and hard limits, so the file must be manually merged.

 

[kkvinjam]

Yes, i had done on thin on my live system just by copying the /etc/passwd /etc/security/*