I switched to another NixOS Configuration and deleted my main user

… Now I can’t log in and my system is broken. This is what essentially happened to me recently 😄. Luckily, I was able to fix my system. But let’s go through what happened step by step.

Disclaimer: This guide is not meant for absolute Linux beginners. To follow the guide, you need to understand the basics of NixOS, how to work with a shell, and how to mount partitions. Also, this guide is one possible solution to recover your system. Others might exist.

Disclaimer 2: Always think twice before you copy and execute commands into your shell.

Context

I’m running a NixOS 23.11 system with GNOME as desktop environment. If you are facing the same problem without using GNOME, you must slightly adapt my guide to your desktop environment or to the terminal. I’m confident that you can manage that! 🙂

How I locked myself out of my system

I was about to try a configuration from another flake by using nixos-rebuild switch --flake <url>#host. Both, my actual NixOS configuration and the one I wanted to try out are single-user configurations, based on NixOS 23.11. Unfortunately, the new NixOS configuration had another username configured 🤦🏼. The new user of course didn’t have a password configured. Once I switched the configuration, I couldn’t sudo anymore, and I was screwed, as essential files about my current user were removed from the system. Luckily, my home directory was not deleted!

As I had no other choice, I rebooted and, as expected, I was unable to log in with my typical user. GNOME didn’t present me a single selectable profile, but only the User name not shown? option. Of course, it didn’t know my old user. The new user from the new configuration didn’t work either, as no initial password was specified.

Linux files for user management (/etc/passwd and /etc/shadow) are managed by NixOS, but aren’t part of the Nix store. So, rebooting into an older NixOS configuration didn’t save me either.

Rescue #1 (Didn’t work for me)

If you can log in as root with your root password in GNOME using the User name not shown? option, go on, rebuild your actual working NixOS configuration with the proper username, and rebuild the system. Unfortunately, this strategy didn’t work for me somehow: The GNOME login screen didn’t accept my root login password for some reason. Did I forget my root password? 🤔

The Actual Rescue (if you can’t log in as root)

But here to the rescue: (By the way: the same procedure will also help you on other Linux distributions.) Boot a live Linux from a USB stick on your machine. You can for example use the NixOS Gnome installer ISO or the Ubuntu installer ISO for that.

Once you have done that, run the following commands in a shell of the live Linux. Please pay attention to the comments.

# Decrypt the NixOS system's root volume:
# only needed when you use a (LUKS-)encrypted volume
$ sudo cryptsetup open /dev/<dev> root  

# Create mount point for root volume
$ sudo mkdir /mnt/root 

# Mount the root partition: for example /dev/mapper/root (when 
# mounting a LUKS volume) or just /dev/sda2  
# run "$ lsblk" for guidance
$ sudo mount /dev/<dev> /mnt/root 

# Modify the line `root:x:...` to `root::...` (remove the x) from passwd
$ sudo <editor of your choice: nano, vim, micro> /mnt/root/etc/passwd

With these commands, we unset the need for a password of the root user. This is just a temporary measurement! For security reasons, I highly recommend disabling all network connections (remove ethernet cable, remove Wi-Fi dongle) until you enabled the root password again!

By the way: Before fiddling around with the root user, I tried to change authentication settings for my old users in /etc/passwd, but without success.

Now, if you executed all the commands from above with success, you can exit the live Linux, restart the system, and normally boot into your NixOS. You should now be able to log in as root without a password. In fact, GNOME should prompt you with a “System administrator” profile.

Next, rebuild the actual working NixOS configuration with the correct (users) configuration and switch to it. Run $ passwd <username> to set a new password for the just (re)created user. Reboot again. Now, things should be fine and working again.

Next, when you are logged in as your normal user again, edit /etc/passwd ($ sudo <nano|vim|micro> /etc/passwd) again and set the x again for the root user. The passwd file should look like `root:x:... instead of root::... now. Otherwise, your root user keeps having no password ⚠️!

Now reboot and login as your normal user. Once you’ve done that, try switching to the root user with $ su -. If you are prompted for a password, everything is fine. If not: This is not good (but very unlikely at this point)! 😅 If you are experiencing this unlikely situation, you should be able to set a new password for the root user using $ sudo passwd root.

Remove the “System Administrator” Login Option in GNOME

Following these steps, my system was fully functional and working again, but GNOME prompted me with two login profiles now: My user and the “System Administrator”. To get rid of the latter, I simply ran: $ sudo rm /var/lib/AccountsService/users/root. After a reboot, the “System administrator” profile was gone.

Conclusion

NixOS has no measurements to prevent deleting your only user. To be fair: This is a general Linux problem. With great power comes great responsibility. However: As NixOS doesn’t delete your home directory, no state is lost.

PS: I chose a title that is likely to be entered by Google users. Normally, I’d use a “How to recover from .. when you …” derivaton.