I am the only user who logs on to the server. I logon as root. The
remaining users logon via Samba only from windows machines. On attempting
to logon as root to setup a new user I found it would not accept the
proper password for the root account. The server had been up for over a
month since I last logged on. The Samba users could logon (probably
because smbpasswd is ok). I logged on in single user mode and found that
the /etc/shadow file was missing. I copied the file /etc/shadow- to
create /etc/shadow then rebooted to multiuser mode. I could then logon as
I believe that Samba is irrelevant to the problem as I believe that I
encountered the same problem on my firewall which had no SAMBA support. On
that machine I simply reinstalled to recover so I am not sure that the
shadow file was gone. I don't know if it is relevant but I do use cron to
schedule daily, weekly, monthly backups. I have had no repeat of this
since I stopped using cron on the firewall machine. Tonight was my first
detected problem on the Samba machine. Any thoughts?
I've never seen a Linux system deleting /etc/shadow without being told to.
Chances are someone figured out the root password and is playing games with you.
Also, check the permissions to make sure the samba users can't mount /etc
writable on their windoze boxes.