Recovering from Deleted Password and Shadow Files
We have all done it before. Idiotic actions that result in catastrophic results (usually in conjunction with "sudo"). Some more than others. Have you ever tried clearing out some directory using "sudo rm -rf *", and then realized you were actually in the root directory? What about "sudo rm -rf .*", under the mistaken impression that all you are going to be doing is blowing away hidden files in the current directory? In case you were wondering, this actually blows away the entire directory tree rooted one level above your current directory. I have done all these, and more. Chalk each one up to a lesson learned.
Most recently, while trying to sync accounts on a cluster, I deleted the /etc/shadow file, and accidentally logged myself out. This results in a complete lack of access to the host (try it and see!). Fortunately, the very flexibility and power of POSIX-based operating systems that allows the possibility of major damage also does allow, sometimes, for a recovery from that damage. For posterity's sake, and as a sort of penance, I will document here how to go about recovering from this.
You will need physical access to the machine, and will need to know how to get it to boot into single user mode. On Linux distributions using GRUB, this is accomplished by rebooting the machine and, when the boot menu appears, typing "e" to edit the boot options, selecting the line specifying the kernel options, and appending the following:

    single init=/bin/bash

This will result in the kernel being loaded and dropping us directly into a root shell without being prompted for a password. At this point, however, the system (root) volume has been mounted as read-only (and no other volumes have been mounted). To remount the root volume with read-write privileges:

    mount -rw -o remount /

Ok, now we are in, and we have write-access to the root. That is 90% of the battle won. We can now do one of two things: (1) restore the /etc/shadow (and /etc/passwd) file from a backup, or (2) recreate them from scratch.
For the former option, you might find viable backups in /var/backups. For the latter, you will first have to recreate the shadow file using pwconv and then reassign the administrator password using passwd.
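
Whichever route you take, it is worth confirming before rebooting that every account in /etc/passwd has a shadow entry, that no account has an empty password field, and that root has a real hash. The check below is an added example, not part of the original post; the function name check_shadow and its finding labels are made up for illustration, and it assumes crypt-style hashes that begin with "$".

```shell
#!/bin/sh
# Added example (not from the original post): post-recovery sanity check.
# Reports accounts that still need attention after /etc/shadow was restored
# or regenerated. Paths default to the live files; pass copies to try it out.
check_shadow() {
    passwd_file=${1:-/etc/passwd}
    shadow_file=${2:-/etc/shadow}
    status=0

    for f in "$passwd_file" "$shadow_file"; do
        if [ ! -r "$f" ]; then echo "MISSING $f"; return 1; fi
    done

    # The shadow file holds password hashes and must not be world-readable.
    if [ -n "$(find "$shadow_file" -perm -0004)" ]; then
        echo "WORLD_READABLE $shadow_file"
        status=1
    fi

    awk -F: '
        # First argument (shadow): remember each account password field.
        FILENAME == ARGV[1] { hash[$1] = $2; next }
        # Second argument (passwd): compare every account against shadow.
        !($1 in hash) { print "NO_SHADOW_ENTRY " $1; bad = 1; next }
        {
            if ($2 != "x") { print "NOT_SHADOWED " $1; bad = 1 }
            if (hash[$1] == "") { print "EMPTY_PASSWORD " $1; bad = 1 }
            # Assumption: a usable hash is crypt-style ($id$...). UID 0 without
            # one cannot log in with a password yet: run passwd for it.
            else if ($3 == 0 && hash[$1] !~ /^\$/) { print "NO_USABLE_HASH " $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$shadow_file" "$passwd_file" || status=1

    return $status
}
```

Run with no arguments from the recovery shell, it checks the live files; any NO_USABLE_HASH line for root means passwd still has to be run before you reboot.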