How to easily migrate local users and groups from one system to another system?



  • Red Hat Enterprise Linux (RHEL) 4, 5, 6, 7


  • All local users and groups (within a certain UID/GID number range) need to be migrated from one old system to another freshly-installed system without manually creating said users on the new system.


Disclaimer: This information has been provided by Red Hat, but is outside the scope of our posted Service Level Agreements and support procedures. The information is provided as-is and any configuration settings or installed applications made from the information in this solution could make your Operating System unsupported by Red Hat Support Services. The intent of this solution is to provide you with information to accomplish your system needs. Use the information in this solution at your own risk.

Important: Take a complete backup before starting this activity and test these steps in a test environment first.

In order to accomplish this task, it will be necessary to utilize some rudimentary bash and awk scripting.

Copy-pasteable commands are included below. The only thing that potentially needs to be modified is the first line, where the start of the UID and GID ranges is set as a variable. On RHEL 5 and RHEL 6 systems, normal users and groups typically begin at 500; however, on a RHEL 7 system, this range starts at 1000 by default.

The awk command could be adapted to grab only UIDs and GIDs within specific ranges; as it stands, it will grab all users and groups with UIDs and GIDs of 500 or higher.

Step 1, on source

  • Run the following commands as root on the old (source) system which has users configured

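    ID_minimum=500   # first UID/GID to migrate; use 1000 when the source is RHEL 7
    for f in /etc/{passwd,group}; do awk -F: -vID=$ID_minimum '$3>=ID && $1!="nfsnobody"' $f |sort -nt: -k3 > ${f#/etc/}.bak; done
    # Match the full name field (up to the colon) so "bob" does not also pull in "bob-admin"
    while read -r line; do grep "^${line%%:*}:" /etc/shadow; done <passwd.bak >shadow.bak
    while read -r line; do grep "^${line%%:*}:" /etc/gshadow; done <group.bak >gshadow.bak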
  • After running the above as root on the original source system, 4 new files will be present in the current directory (passwd.bak, group.bak, shadow.bak, and gshadow.bak). Inspect them to ensure the appropriate users and groups were gathered. Because shadow.bak and gshadow.bak contain password hashes, keep them readable by root only.

  • Next, transfer each of the 4 files onto the new destination system, using rsync, scp, or some other method.

Step 2, on destination

  • Run the following command as root on the new (destination) system in a directory containing the four .bak files created in the previous step

    for f in {passwd,group,shadow,gshadow}.bak; do cat $f >>/etc/${f%.bak}; done
  • Note that this will not do any checking to prevent UID/GID collisions with existing users.

Step 3, on destination

  • Run the following final compound command (copy & paste the whole block) on the new (destination) system in the same directory as the previous step

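    while IFS=: read -r user pw uid gid gecos dir shell; do
        # mkdir fails if the directory already exists (for example /); skip it
        # so that chown -R never touches an existing tree
        mkdir -vm700 "$dir" || continue
        cp -r /etc/skel/.[[:alpha:]]* "$dir"
        chown -R "$uid:$gid" "$dir"; ls -ld "$dir"
    done < passwd.bak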
  • This final command will create home directories for the new users, along with setting proper ownership/permissions and copying the default config files from /etc/skel.

Note: Scripting the backup and transfer of the files in each user's home directory is beyond the scope of this simple article, but don't forget this if it is necessary.
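
A pre-flight check for Steps 2 and 3, as an added example that is not part of the original article: it lists names and numeric IDs in a .bak file that already exist on the destination, and home directory fields (empty, relative, /, or already existing) that should never be handed to a recursive chown. The function names and all account entries are constructed for illustration.

```sh
# Added example, not from the original article. Function names are
# hypothetical; all account entries below are constructed sample data.

# check_collisions CANDIDATE EXISTING
# Prints every CANDIDATE entry whose name or numeric ID is already present in
# EXISTING (passwd or group format: field 1 = name, field 3 = ID).
# Returns 1 if at least one entry collides.
check_collisions() {
    awk -F: '
        NR == FNR    { name[$1] = $3; id[$3] = $1; next }  # EXISTING is read first
        ($1 in name) { printf "NAME %s exists with id %s\n", $1, name[$1]; bad = 1; next }
        ($3 in id)   { printf "ID %s (%s) is used by %s\n", $3, $1, id[$3]; bad = 1 }
        END          { exit bad + 0 }
    ' "$2" "$1"
}

# check_homes PASSWD_BAK
# Flags home directory fields that must not reach mkdir/chown -R in Step 3:
# empty, relative, "/", or any path that already exists on this host.
check_homes() {
    rc=0
    while IFS=: read -r user _pw _uid _gid _gecos dir _shell; do
        case $dir in
            ""|/|[!/]*) echo "UNSAFE home '$dir' for $user"; rc=1 ;;
            *) if [ -e "$dir" ]; then echo "EXISTS $dir for $user"; rc=1; fi ;;
        esac
    done < "$1"
    return $rc
}

# Constructed stand-ins for the destination /etc/passwd and for passwd.bak.
demo=$(mktemp -d)
cat > "$demo/etc_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
chrony:x:998:996::/var/lib/chrony:/sbin/nologin
EOF
cat > "$demo/passwd.bak" <<'EOF'
svcapp:x:998:997:constructed service:/:/sbin/nologin
polkitd:x:999:998:User for polkitd:/:/sbin/nologin
alice:x:1001:1001:constructed user:/home/constructed-alice:/bin/bash
EOF

check_collisions "$demo/passwd.bak" "$demo/etc_passwd" || echo "-> edit passwd.bak before Step 2"
check_homes "$demo/passwd.bak" || echo "-> drop these entries before Step 3"
```

On a real destination, run `check_collisions passwd.bak /etc/passwd`, `check_collisions group.bak /etc/group` and `check_homes passwd.bak` before appending anything in Step 2.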

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.


This procedure did not work when the target system was RHEL 7.6!

Could you be more specific why it didn't work on RHEL 7.6?

I believe it was some special users specific to our applications. There were some users and groups that should be excluded. I would just review the files before execution and remove users and groups not required. When I did not do that it started changing permissions/ownerships of almost all files on the system.

That is not working from a RHEL 7.7 to another RHEL 7.7. All files on the system change to polkitd.

This happened to me also. Note there is a statement on #2 saying there is no checking for UID/GID collision with existing users. I modified #1 line 2 to exclude a few accts that already existed on the new box. Someone else may want to do the same:

for f in /etc/{passwd,group}; do awk -F: -vID=$ID_minimum '$3>=ID && $1!="nfsnobody" && $3!=998 && $3!=999 && $3!=1000' $f |sort -nt: -k3 > ${f#/etc/}.bak; done

Step 2 is commented?

Please provide similar scripts to migrate users from AIX to Linux.

While the article clarifies that migration of each user's home directory is beyond the scope, since /etc/skel/ includes .bashrc and .bash_profile, if the users you are migrating have customized these files, it may not be a bad idea to copy these over from the source server even if you are not migrating other files and directories for the user.

I have used this methodology several times in the past and had no problems until now. I have built out 8 new RHEL 7.8 servers. I am using a RHEL 7.7 server as the source for the *.bak files. Once I have transferred the 4 *.bak files to the destination server and I initiate the "for f in {passwd,group,shadow,gshadow}.bak; do cat $f >>/etc/${f%.bak}; done" command I receive the following messages.

-bash: /etc/passwd: Permission denied
-bash: /etc/shadow: Permission denied

On the source server I have used "ID_minimum=500" and "ID_minimum=1000" and the same results. Any thoughts? Thank you in advance.

I was able to resolve my issue by disabling and removing the McAfee agent. Everything is good now.