Stuck on blue screen after running "rm *" in /

I accidentally executed rm * on / and since then I am unable to see my desktop. All I see is a blue screen with spinning gear.

Irony is I somehow missed my OS and other CDs too that came with my Mac. I followed this article on starting up in safe mode but it shows progress bar for long time and then again get stuck to blue screen

Attached is screen I see on boot.

I can't get Into safe mode either, so how can I get back to a working system?

PS: I also wonder whether I be able to get my desktop settings again without compromising all settings? I am specially concerned with software installed via home brew, Databases etc. Is it possible to to restore or copy deleted files by some kind of repair via CD?. My hidden files infusing bash_profile etc are also there. Can you guide how should I proceed?

update I log onto single mode. Check image. What do i do now?

update#3

finally

Solution 1:

Depending on your system setup and your command you probably lost only some files - including one essential - and folders and some sym-links.

Using the command rm * - executed by an admin in the root folder - usually deletes the sym-link /etc only:

• Boot to single user mode, check your file system with /sbin/fsck -fy, and mount root read/writable with /sbin/mount -rw /. Then recreate the sym-link /etc with ln -s /private/etc /etc and reboot your Mac with shutdown -r now.

Using the command sudo rm * - executed by a sudoer in the root folder - in a standard setup you'll only lose the file 'mach_kernel' and the sym-links 'etc', 'tmp' and 'var'.

(No other files were deleted in the file system). After further investigations it turns out that some other files and folders are also deleted often: a folder with a sudoer's name (usually the short name of your admin account) in /private/var/db/sudo/ and a .state file with an arbitrary name (the generatedUID of your admin/sudoer account) related to another equally named file in /private/var/db/shadow/hash/. I can't determine if they are deleted by 'sudo', 'rm' or 'sudo rm'. These files & folders are of minor importance though.

I've tested that in an almost vanilla Mac OS X 10.6.8 Server VM.

Before executing sudo rm * the root folder looks like this - invisible files, folders and sym-links included - with ls -la:

drwxrwxr-t  32 root  admin      1156 25 Dez 11:55 .
drwxrwxr-t  32 root  admin      1156 25 Dez 11:55 ..
-rw-rw-r--   1 root  admin     15364  4 Jan 14:35 .DS_Store
drwx------   3 root  admin       102 10 Sep 01:37 .Spotlight-V100
d-wx-wx-wt   2 root  staff        68 10 Sep 01:23 .Trashes
----------   1 root  admin         0 23 Jun  2009 .file
drwx------  38 root  admin      1292  4 Jan 14:59 .fseventsd
-rw-------   1 root  wheel      4096 10 Sep 01:29 .hotfiles.btree
drwxr-xr-x@  2 root  wheel        68 18 Mai  2009 .vol
drwxrwxr-x+ 35 root  admin      1190 25 Dez 16:49 Applications
drwxrwxr-x@ 16 root  admin       544 25 Dez 12:04 Developer
drwxrwxr-t+  2 root  admin        68 10 Sep 01:37 Groups
drwxrwxr-t+ 65 root  admin      2210 25 Dez 12:02 Library
drwxr-xr-x@  3 root  wheel       102 26 Feb 20:43 Network
drwxr-xr-x   4 root  wheel       136 10 Sep 01:28 Shared Items
drwxr-xr-x   4 root  wheel       136 10 Sep 02:02 System
drwxr-xr-x+  5 root  admin       170 10 Sep 01:37 Users
drwxrwxrwt@  4 root  admin       136 26 Feb 20:43 Volumes
drwxr-xr-x@ 39 root  wheel      1326 10 Sep 02:09 bin
drwxrwxr-t@  2 root  admin        68 23 Jun  2009 cores
dr-xr-xr-x   3 root  wheel      4013 26 Feb 20:43 dev
lrwxr-xr-x@  1 root  wheel        11 10 Sep 01:26 etc -> private/etc
dr-xr-xr-x   2 root  wheel         1 26 Feb 20:43 home
-rw-r--r--@  1 root  wheel  20828964  8 Jun  2011 mach_kernel
dr-xr-xr-x   2 root  wheel         1 26 Feb 20:43 net
drwxr-xr-x@  6 root  wheel       204 10 Sep 01:28 private
drwxr-xr-x@ 68 root  wheel      2312 10 Sep 02:09 sbin
lrwxr-xr-x@  1 root  wheel        11 10 Sep 01:26 tmp -> private/tmp
drwxr-xr-x@ 14 root  wheel       476 25 Dez 11:57 usr
lrwxr-xr-x@  1 root  wheel        11 10 Sep 01:26 var -> private/var

After executing sudo rm * only one file and the sym-links vanished:

drwxrwxr-t  28 root  admin   1020 26 Feb 19:41 .
drwxrwxr-t  28 root  admin   1020 26 Feb 19:41 ..
-rw-rw-r--   1 root  admin  21508 26 Feb 19:41 .DS_Store
drwx------   3 root  admin    102  9 Sep 23:37 .Spotlight-V100
d-wx-wx-wt   2 root  20        68  9 Sep 23:23 .Trashes
----------   1 root  admin      0 23 Jun  2009 .file
drwx------  38 root  admin   1292  4 Jan 13:59 .fseventsd
-rw-------   1 root  wheel   4096  9 Sep 23:29 .hotfiles.btree
drwxr-xr-x@  2 root  wheel     68 18 Mai  2009 .vol
drwxrwxr-x+ 35 root  admin   1190 25 Dez 15:49 Applications
drwxrwxr-x@ 16 root  admin    544 25 Dez 11:04 Developer
drwxrwxr-t+  2 root  admin     68  9 Sep 23:37 Groups
drwxrwxr-t+ 65 root  admin   2210 25 Dez 11:02 Library
drwxr-xr-x@  3 root  wheel    102 26 Feb 19:39 Network
drwxr-xr-x   4 root  wheel    136  9 Sep 23:28 Shared Items
drwxr-xr-x   4 root  wheel    136 10 Sep 00:02 System
drwxr-xr-x+  5 root  admin    170  9 Sep 23:37 Users
drwxrwxrwt@  4 root  admin    136 26 Feb 19:39 Volumes
drwxr-xr-x@ 39 root  wheel   1326 10 Sep 00:09 bin
drwxrwxr-t@  2 root  admin     68 23 Jun  2009 cores
dr-xr-xr-x   3 root  wheel   4013 26 Feb 19:39 dev
dr-xr-xr-x   2 root  wheel      1 26 Feb 19:39 home
dr-xr-xr-x   2 root  wheel      1 26 Feb 19:39 net
drwxr-xr-x@  6 root  wheel    204  9 Sep 23:28 private
drwxr-xr-x@ 68 root  wheel   2312 10 Sep 00:09 sbin
drwxr-xr-x@ 14 root  wheel    476 25 Dez 10:57 usr

Using a non-standard setup all other files and sym-links in the root folder (if any exist at all) will be deleted also. All non-standard folders (e.g. /opt) survive.

• If you didn't delete the kernel file (which is unlikely), try to boot to single user mode and rebuild the three deleted sym-links with ln -s /.../folder /folder (e.g. ln -s /private/etc /etc)

• If you have a backup and deleted the kernel file, try to restore the file mach_kernel, the symlinks, the folder with your admin user name in ../sudo/ and the missing state file. You need some bootable hard disk/thumb drive to restore those files from the backup.

• If you don't have a backup try to copy the file mach_kernel from another Mac with the same system (e.g. 10.6.8). Recreate the symlinks. You probably have to adjust ownership and permissions (see listing).

  "mach_kernel" is also available in the Mac OS X Combo Update 10.6.8 and probably other combo updaters like Mac OS X Combo Update 10.6.6 and Mac OS X Combo Update 10.6.7. Thus updating your corrupted system with the combo updater from an external bootable thumb drive or attached in target-disk mode to another Mac should also work.

  After restoring the kernel file and the symlinks you might boot to super user mode and enter mount -o rw,remount / and create the missing folder in /private/var/db/sudo/ with mkdir /private/var/db/sudo/adminname. The missing .state file rebuilds itself.

If you've executed sudo rm -dR * you are doomed without a proper backup. My system was unbootable afterwards but bewilderingly only ~524 MB of 9860 MB were deleted after override confirmations for '/System/Library/CoreServices/boot.efi' and '/dev/fd/4'.
In a second attempt i got 8445 MB of 9860 MB deleted using sudo rm -dR *. The first attempt might have also been recoverable with the Combo Update, the wimpy remains of the second attempt surely aren't.