Migrating AIX User Environments

Migrating AIX User Environments




Recently we had a requirement to build a new AIX environment in a remote office. Due to the unreliable network pipe between our main operations office and the remote site, building a new AIX host via NIM restore or transferring a mksysb image over the network weren't options. The only viable alternative was to build the AIX host from scratch.

To get started, we mailed the remote office the AIX base ISOs that we needed to load into the VIO server. Once the ISOs were received and loaded, I installed AIX. Now we were ready to tailor build the host. To get the relevant user and group environments created, we made a .tar file from the following files running on one of our current hosts:

1) Passwd and group files.
2) Relevant security files.
3) Audit configuration files (optional).

In addition, we "tarred up" the users' HOME directories for migration:


(Note: AIX uses the two idx files for searching by creating index files. However, they're not critical, so don't worry if you don't have them. AIX will work fine without them.)

Finally, we tarred up the audit system. This is especially advantageous for enterprises that have substantially customized their audit configuration.


In our case, migrating these files and directories was sufficient. We were going from AIX version 5.3 to 6.1. Of course, if you're staying at the same AIX level, it's even easier. Then you can simply tar up these directories:


I've taken this approach and it works for me. It's certainly quicker. Any tidying up can be done once the files are untarred on the remote side. This tar command could be used to backup the necessary users environments and accounts:

	tar –cvf users.tar /etc/passwd /etc/group /etc/security

Next, select the HOME directories you want to tar up for specific users. Remember: The system accounts will have already been created with the AIX base install. So select only support users and environment accounts used for applications. For example, to tar users dxtans and jpann to a file called home.tar, I could use:

	tar -cvf home.tar /home/dxtans /home/jpann

Don't be concerned if you tar up more user HOME directories than you require. Again, it can all be tidied up on the remote side.

On the Remote Side

Once the tar files are transferred onto the remote host, you're ready to create the users. First untar the users.tar file:

	tar –xvf users.tar

This will recreate the passwd/group and security files. Now remember this is being untarred onto a brand new AIX base build, so -- assuming you're going to the same AIX version -- overwriting existing users/groups won't matter since they'll already have default UID/GUIDs.

Next, untar the HOME directories:

tar –xvf home.tar

Tidying Up

Now let's tidy up. Confirm you can su to the root account and login as root, using the root passwd from the host you tarred the files up from. Change it if required. Edit /etc/security/user. This file contains user defined roles where individual roles can override the defaults. Change the individual roles as required by using either the chuser command or manually editing the /etc/security/user file. Any users that aren't needed on the remote system can be removed. If the remaining users were previously authenticated via network services, one may want to set them to local authentication initially. Use the chuser SYSTEM=compat registery=files to change them to local, then reset their passwd with chpasswd, perhaps to change it to their login name initially. If the users were previously authenticated via Kerberos or LDAP, simply install the file sets and configure Keberos/LDAP. Then use the chuser command to bring them into NAS.

Next, confirm that the group, passwd and users are present as contained in the previously noted user tar file noted previously. They have been installed are correct and the file content stanzas are consistent with the users created on the host. You'll likely find some user entries in the passwd file, but no relevant group entries in the group files, or visa versa. These are easily fixed. Just remove the user /group you don't want, or have this done automatically through AIX. Run:

	pwdck –n ALL

If any errors are reported, fix them manually or use the pwdck command:

	pwdck –y ALL

Similarly, for the group file, check for errors with the grpck command:

	grpck –n ALL

To fix errors, use:

	grpck –y ALL

Next, check user stanzas with:

	usrck –n ALL

To fix these errors, use:

	usrck –y ALL

User crontabs directories ( /var/spool/cron/crontabs) can also be migrated, though it isn't mandatory. While I've done this for certain user application environments, I certainly bother transferring user email boxes, as these are usually just job outputs.

Transferring large files? Try this

A final tip: When you actually do have to scp a large file over a slow network, be sure to use a low grade cipher as this will save time when decrypting on the remote side. For me, arcfour has produced the fastest scp transfers. Also, specifying that the scp bandwidth is no larger than 1MB should allow you to avoid stalling. To scp a large file called myfile, I'd use:

	scp –c arcfour –L 8192 myfile user@ 

If you need to build a new AIX machine from scratch but are dealing with poor network performance, get as many of the configuration files across from a running AIX box as possible. It will save you time.

0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Online Backups and Recovery in a Snap AIX
Viewed 4388 times since Wed, May 30, 2018
Got Duplicate PVIDs in Your User VG? Try Recreatevg!
Viewed 2748 times since Fri, Feb 1, 2019
10 AIX Commands to Add to Your Toolbox
Viewed 3949 times since Sat, May 19, 2018
Viewed 11153 times since Mon, Sep 17, 2018
Setting new device attributes with chdef
Viewed 1866 times since Mon, Jun 3, 2019
Finding password rules in AIX
Viewed 2270 times since Mon, May 28, 2018
AIX Replacing a failed disk (rootvg)
Viewed 7858 times since Tue, Jul 17, 2018
Check connection (rsh or nimsh) between NIM server and LPAR
Viewed 8739 times since Thu, Feb 21, 2019
Burn Image to DVD in AIX
Viewed 12919 times since Thu, Sep 20, 2018
System Admin Mirrorvg without locking the volume group
Viewed 2717 times since Mon, May 21, 2018