diff --git a/rust/src/passwd.rs b/rust/src/passwd.rs
index 6a6dbf8409..cb23db01a5 100644
--- a/rust/src/passwd.rs
+++ b/rust/src/passwd.rs
@@ -389,6 +389,36 @@ fn write_data_from_treefile(
         })
         .with_context(|| format!("failed to write /{}", &target_etc_filename))?;
 
+    // Regernate etc/{,g}shadow to sync with etc/{password,group}
+    let db = rootfs.open(target_etc_filename).map(BufReader::new)?;
+    let shadow_name = if target == "passwd" { "shadow" } else { "gshadow" };
+    let target_etc_shadow = format!("{}{}", dest_path, shadow_name);
+    
+    match shadow_name {
+        "shadow" => {
+            let entries = nameservice::passwd::parse_passwd_content(db)?;
+            rootfs
+                .atomic_replace_with(&target_etc_shadow, |target_shadow| -> Result<()> {
+                    for user in entries {
+                        target_shadow.write_fmt(format_args!("{}:*::0:99999:7:::\n", user.name))?;
+                    }                    
+                    Ok(())
+                })
+                .with_context(|| format!("Writing {target_etc_shadow}"))?;
+        },
+        "gshadow" => {
+            let entries = nameservice::group::parse_group_content(db)?;
+            rootfs
+                .atomic_replace_with(&target_etc_shadow, |target_shadow| -> Result<()> {
+                    for group in entries {
+                        target_shadow.write_fmt(format_args!("{}:::\n", group.name))?;
+                    }                    
+                    Ok(())
+                })
+                .with_context(|| format!("Writing {target_etc_shadow}"))?;
+        },
+        _ => {},
+    }
     Ok(true)
 }