System I administer:
- RH 7.0 / Intel, updated from RH 6.2
- Shadow passwords are in use
- There are several entries in /etc/passwd having
UID=0 / GID=0 with different usernames
all entries having UID=0 and username NOT beginning
with "root[something]" were changed so that the
UID and GID were copied from the entry above.
bofh:x:0:0:Bastard Operator From Hell:/root:/bin/bash
was changed to
bofh:x:531:531:Bastard Operator From Hell:/root:/bin/bash
Entries where username was, t.ex "rootbeer", beginning with
"root" were just as they were supposed to be.
That is unfortunately not clear, and I couldn't reproduce the
problem. The things that I suspect are use of:
"passwd somebody" run as root
"adduser -u 123 -g 123 -d /home/person person"
This may be a bit paranoid or caused by some user having the
root priviledges with some other commands, I'm not too sure
everybody's knowhow is high enough to do what they're doing..
But please do something if reports with similar sympthons pop up.
Jarkko, this looks really weird... Anyway I was unable to reproduce
it, if such thing happens to you again using a recent Red Hat release
and is reproducible, please create a new bug. Thanks!