diff --git a/README.md b/README.md
index 65b2b8f..b2ccae6 100644
--- a/README.md
+++ b/README.md
@@ -103,16 +103,18 @@ Create a new playbook file `playbook.yml` **on your local machine** with the fol
           flavours: # supported flavours
             - standard
           luci_openwisp: # /etc/config/luci_openwisp
+            # other config keys can be added freely
             username: "operator"
             # "password" string encrypted
             password: "$1$openwisp$iQpdG2IrO4lya98cODuUB/"
             salt: "openwisp"
-            # other config keys can be added freely
           openwisp: # /etc/config/openwisp
+            # other config keys can be added freely
             url: "https://my-openwisp2-instance.com"
             secret: "my-openwisp2-secret"
             unmanaged: "{{ openwisp2fw_default_unmanaged }}"
-            # other config keys can be added freely
+          # encrypted password that will be put in /etc/shadow
+          root_password: "$1$8YoE5Fl2$N49pL.Pa.6/fZ/E/f/afw/"  # encrypted version of "myPassword"
 ```
 
 This playbook will let you compile firmware images for an organization named `snakeoil` using only the `standard` flavour (which includes a default OpenWRT image with the standard OpenWISP2 modules) for two architectures, ar71xx and x86.
diff --git a/tasks/3-generator.yml b/tasks/3-generator.yml
index aeeaa78..33983db 100644
--- a/tasks/3-generator.yml
+++ b/tasks/3-generator.yml
@@ -73,6 +73,14 @@
   with_items: "{{ openwisp2fw_organizations }}"
   when: item.luci_openwisp
 
+- name: /etc/shadow
+  template:
+    dest: "{{ openwisp2fw_generator_dir }}/files/{{ item.name }}/etc/shadow"
+    src: generator/shadow.jinja2
+    mode: 0600
+  with_items: "{{ openwisp2fw_organizations }}"
+  when: item.root_password
+
 # the following task loops over each organization and checks whether
 # <playbook-dir>/organizations/<organization-name>/ exists
 # and stores the result of this check in a variable
diff --git a/templates/generator/shadow.jinja2 b/templates/generator/shadow.jinja2
new file mode 100644
index 0000000..aa07439
--- /dev/null
+++ b/templates/generator/shadow.jinja2
@@ -0,0 +1,6 @@
+root:{{ item.root_password }}:17137:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::