Oops, password shadow nuked, Any possible fix?

So while merging lingering pacnew files my late nigh sleepy mind did something really silly and the shadow was reset.

Code:

/etc/shadow

root:************************************::::::
bin:x:14871::::::
daemon:x:14871::::::
mail:x:14871::::::
ftp:x:14871::::::
http:x:14871::::::
uuidd:x:14871::::::
dbus:x:14871::::::
nobody:x:14871::::::
systemd-journal-gateway:x:14871::::::
systemd-timesync:x:14871::::::
systemd-network:x:14871::::::
systemd-bus-proxy:x:14871::::::
systemd-resolve:x:14871::::::
******:************************************::::::

The root and admin user passwords are easy to fix as I do remember them in plain text. But all the other accounts used by different services are now stuck. For now what I do is simply delete all the password fields expect root and admin in passwd file which does make the system usable but obviously full of holes.

The system is only running trusted software so I'm not too worried about short term security, but I can't continue running the machine like this. Is there anyway I can log all user login credentials used and then trigger each service using those accounts to get my shadow records fixed?

 

Code:

pwconv

That'll do it.

 

With all the hashes in shadow lost pwconv can only generate empty records:

I'm looking for a way to get the correct hashes back without digging into the config files of each service, possibly by logging each login attempt with the password/hash used.

 

How did you end up with hashes in your system or service users? Normally they don't have hashes since they aren't meant for interactive login sessions. Usually they either have ! or * in the password field as they are supposed to be locked.