Sometime by accident you may delete /etc/shadow file. If you boot into single user mode, system will ask root password for maintenance, and just imagine you do not have a backup of /etc/shadow file. How do you fix such problem in a production environment where time is critical factor? I will explain how to recover deleted /etc/shadow file in five easy steps. It will take around 10 min. to fix the problem.
Well all it started when one of our client accidentally deleted /etc/shadow file from co-located Debian Linux server. As a result, all account login disabled. However, ftp was working fine because proftpd was build using MySQL database for authentication and quota management.

BOOT SERVER INTO SINGLE USER MODE

1) Reboot server

2) Next, you will see grub-boot loader screen. Select Recovery mode the version of the kernel that you wish to boot and type e for edit. Select the line that starts with kernel and type e to edit the line.

3) Go to the end of the line and type init=/bin/bash as a separate one word (press the spacebar and then type init=/bin/bash). Press enter key to exit edit mode.

init=/bin/bash


4) Back at the GRUB screen, type b to boot into single user mode. This causes the system to boot the kernel and run /bin/bash instead of its standard init. This will allow us gain root privileges (w/o password) and a root shell.


# mount -rw -o remount /


Do not forget to (re)mount your rest of all your partitions in read/write (rw) mode such as /usr /var etc (if any)


Rebuild /etc/shadow file from /etc/passwd



1) You need to use pwconv command; it creates /etc/shadow from /etc/passwd and an optionally existing shadow.


# pwconv


2) Use passwd command to change root user password:


# passwd


3) Now root account are ready to go in multi-user mode. Reboot the system in full multiuser mode:


# sync
# reboot