The ‘root’ entry was removed from /etc/shadow and /etc/passwd. How to recover the deleted root user entry.
To be able to recover the deleted root user entry from /etc/shadow and /etc/passwd file, we need to boot the system into single user mode. Follow the steps below to boot the system into single user mode and recover the deleted root user entry.
Booting the system into single user mode
1. Boot the system and press [e] at the Grub Kernel selection whilst highlighting a working Kernel.
2. Scroll down to the linux16 line, goto the end of the line and type rd.break.
3. Press CTRL+X to boot with the modified options.
4. At the switch_root prompt, remount the system’s root as writable and then switch to it:
switch_root:/# mount -o remount,rw /sysroot switch_root:/# chroot /sysroot
Recovering the deleted root entry
Once you have booted into the single user mode follow the steps given below to recover the deleted root entry.
1. Add the root entry back into /etc/passwd file. Below shown is the most commonly used attributes of the user root.
# vi /etc/passwd root:x:0:0:root:/root:/bin/bash
2. Similarly, add the root entry back into /etc/shadow file.
# vi /etc/shadow root:*::0:99999:7:::
3. Re-create your root password using the passwd command.
4. If SELinux is enabled, force a filesystem relabel on reboot by creating the file .autorelabel in the / directory.
# touch /.autorelabel
5. As a final step reboot the server and verify if you can login into the server using the user root.