Hi,

A senior guy told me , that I can restore my /etc/passwd file(if deleted) by running the command pwconv. I deleted my /etc/passwd without making a backup.
I deleted /etc/passwd and when i run pwconv its the result.
# pwconv
pwconv: can't open passwd file


Am afraid to reboot my system as it may disallow me to login , since /etc/passwd is still missing.


AnyWay to get it back? Am sorry i used "rm -rf /etc/passwd" to delete it.

Please advise.

sure, just restore it from a backup copy from your daily or weekly backup run

serously... you took someones word on something as crucial as that? did you not even check the pwconv manpage before diving in? what pwconv does is create /etc/shadow based on /etc/passwd. it's not possible to recreate /etc/passwd based on thin air. asuming this is under redhat you can obtain a basic passwd file from the "setup" rpm on the install media.

in terms of the way you've approached this i'd really say you need to take a deeper breath before you do anything. if you ran "rm -rf /etc/passwd" then you aren't using rm correctly, and if there's one command you *REALLY* need to understand it's rm, as here the -r and -f options were both unneeded / incorrect... could end up in a lot more sticky situations if you arne't comfortable with exactly how commands like that work.

Quoted snipplet from man 5 passwd
So..thoretically you could make a passwd file out of thin air (if you were root), but for it you would need to remember all the user and group ID numbers, for example..part of that information is in /etc/group file, but it sure is a lot of work. Like acid_kewpie said, you're probably easier off by putting back a(s recent as possible) backup copy of passwd file, or if it's not possible [it SHOULD be], reinstalling the package that contains the passwd file that came along your original setup, and possibly modifying that then.

It's always a good idea to take a look at the command you're typing if you're not 100% sure of what you're doing, and if you're removing something, at least make sure you have a backup copy of it if it's important at all

Sorry dear,

I heard this from a senior person who interviewed me a couple of days back. He argued with me "pwconv" will surely get it.
This is my own system and there will be not much loss i think.
shall i write a new /etc/passwd file, with root user only . Will it work?

no, there are dozens of other user accounts for printers, disks etc... which are also important to restore the system to full operation. what distro are you using?

Am using RHEL EL 4.

From pwconv manpage:
You could use pwunconv to recover passwd from shadow.
Make a backup of /etc/shadow first, just in case

useful for sure, but that is just for filling in the blanks in an existing passwd / shadow pair. without passwd at all pwunconv is not going to help.

Unfortunately, you followed bad advice. pwconv and pwunconv are used to move the passwd strings to /etc/shadow and back to /etc/passwd. If you happen to run pwconv on a system that already has an /etc/shadow, it will create empty placeholders for the new accounts that have shown up. It won't populate any hashes for you.

If you've got another system handy, you might be able to copy over another /etc/passwd file and use it as the basis for setting things right on your system. One from a live CD might also work. Take this as a lesson not to make changes without a backup or a recovery plan.