2 title: Converting Existing Users to systemd-homed
3 category: Users, Groups and Home Directories
5 SPDX-License-Identifier: LGPL-2.1-or-later
8 # Converting Existing Users to systemd-homed managed Users
10 Traditionally on most Linux distributions, regular (human) users are managed
11 via entries in `/etc/passwd`, `/etc/shadow`, `/etc/group` and `/etc/gshadow`.
13 [`systemd-homed`](https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html)
14 it might be desirable to convert an existing, traditional user account to a
15 `systemd-homed` managed one.
16 Below is a brief guide how to do that.
18 Before continuing, please read up on these basic concepts:
20 * [Home Directories](HOME_DIRECTORY)
21 * [JSON User Records](USER_RECORD)
22 * [JSON Group Records](GROUP_RECORD)
23 * [User/Group Record Lookup API via Varlink](USER_GROUP_API)
27 This is a manual process, and possibly a bit fragile.
28 Hence, do this at your own risk, read up beforehand, and make a backup first.
29 You know what's at stake: your own home directory, i.e. all your personal data.
33 Here's the step-by-step guide:
35 0. Preparations: make sure you run a distribution that has `systemd-homed`
36 enabled and properly set up, including the necessary PAM and NSS configuration updates.
37 Make sure you have enough disk space in `/home/` for a (temporary) second copy of your home directory.
38 Make sure to backup your home directory.
39 Make sure to log out of your user account fully.
40 Then log in as root on the console.
42 1. Rename your existing home directory to something safe. Let's say your user
43 ID is `foobar`. Then do:
46 mv /home/foobar /home/foobar.saved
49 2. Have a look at your existing user record, as stored in `/etc/passwd` and related files.
50 We want to use the same data for the new record, hence it's good looking at the old data.
59 This will tell you the `/etc/passwd` and `/etc/shadow` entries for your user.
60 For details about the fields, see the respective man pages
61 [passwd(5)](https://man7.org/linux/man-pages/man5/passwd.5.html) and
62 [shadow(5)](https://man7.org/linux/man-pages/man5/shadow.5.html).
64 The fourth field in the `getent passwd foobar` output tells you the GID of your user's main group.
65 Depending on your distribution it's a group private to the user, or a group shared by most local, regular users.
66 Let's say the GID reported is 1000, let's then query its details:
72 This will tell you the name of that group.
73 If the name is the same as your user name your distribution apparently provided you with a private group for your user.
74 If it doesn't match (and is something like `users`) it apparently didn't.
75 Note that `systemd-homed` will always manage a private group for each user under the same name,
76 hence if your distribution is one of the latter kind, then there's a (minor) mismatch in structure when converting.
78 Save the information reported by these three commands somewhere, for later reference.
80 3. Now edit your `/etc/passwd` file and remove your existing record
81 (i.e. delete a single line, the one of your user's account, leaving all other lines unmodified).
82 Similar for `/etc/shadow`, `/etc/group` (in case you have a private group for your user) and `/etc/gshadow`.
83 Most distributions provide you with a tool for that, that adds safe
84 synchronization for these changes: `vipw`, `vipw -s`, `vigr` and `vigr -s`.
86 4. At this point the old user account vanished, while the home directory still
87 exists safely under the `/home/foobar.saved` name.
88 Let's now create a new account with `systemd-homed`, using the same username and UID as before:
91 homectl create foobar --uid=$UID --real-name=$GECOS
94 In this command line, replace `$UID` by the UID you previously used,
95 i.e. the third field of the `getent passwd foobar` output above.
96 Similar, replace `$GECOS` by the GECOS field of your old account, i.e the fifth field of the old output.
97 If your distribution traditionally does not assign a private group to regular user groups,
98 then consider adding `--member-of=` with the group name to get a modicum of compatibility with the status quo ante:
99 this way your new user account will still not have the old primary
100 group as new primary group, but will have it as auxiliary group.
102 Consider reading through the
103 [homectl(1)](https://www.freedesktop.org/software/systemd/man/homectl.html)
104 manual page at this point, maybe there are a couple of other settings you want to set for your new account.
105 In particular, look at `--storage=` and `--disk-size=`, in order to change how your home directory shall be stored
106 (the default `luks` storage is recommended).
108 1. Your new user account exists now, but it has an empty home directory.
109 Let's now migrate your old home directory into it.
110 For that let's mount the new home directory temporarily and copy the data in.
113 homectl with foobar -- rsync -aHANUXv --remove-source-files /home/foobar.saved/ .
116 This mounts the home directory of the user, and then runs the specified
117 `rsync` command which copies the contents of the old home directory into the new.
118 The new home directory is the working directory of the invoked `rsync` process.
119 We are invoking this command as root, hence the `rsync` runs as root too.
120 When the `rsync` command completes the home directory is automatically unmounted again.
121 Since we used `--remove-source-files` all files copied are removed from the old home directory as the copy progresses.
122 After the command completes the old home directory should be empty.
123 Let's remove it hence:
126 rmdir /home/foobar.saved
129 And that's it, we are done already.
130 You can log out now and should be able to log in under your user account as usual,
131 but now with `systemd-homed` managing your home directory.
projects / thirdparty / systemd.git / blob