CentOS - Sep 2007 - Very strange problem i have faced in my 2 years carrier

Dear Concerns,

I would like to share a very strange problem. I am from Pakistan/Islamabad.
Last month i was on trainning
from Askari Bank Limited (Juniper). Here in Askari i m running NMS--> MRTGs
using CentOs 4.4. On trainning i recieved
a call from collique saying

 "when i "su -l" NMS says "root user doesnot exist".
and also MRTGs not
working. well i was amazed how was it
possible. In the Evening i came back to office. I boot the machine in single
user mode and type the command;

less /etc/passwd

here when i found that user root existed, but the only thing that was
amazing is;

the spelling of root was changed from "root" to "R00t". i
changed to "root"
and every thing worked.

I want to ask, what is this, this doesnot seem a garbage value or nor
corruption of passwd file. only showing someone changes this. Here we have
bank private network, only two people have access  for it  me and  another
guy.

what are your opinions??????

Please also share your strange experience.

Regards,

Umair Shakil
Askari bank Limited
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.centos.org/pipermail/centos/attachments/20070912/225c202c/attachment.html>

On 12/09/2007, at 4:25 PM, umair shakil wrote:
> Dear Concerns,
>
> I would like to share a very strange problem. I am from Pakistan/ 
> Islamabad. Last month i was on trainning
> from Askari Bank Limited (Juniper). Here in Askari i m running NMS-- 
> > MRTGs using CentOs 4.4. On trainning i recieved
> a call from collique saying
>
>  "when i "su -l" NMS says "root user doesnot
exist". and also MRTGs
> not working. well i was amazed how was it
> possible. In the Evening i came back to office. I boot the machine  
> in single user mode and type the command;
>
> less /etc/passwd
>
> here when i found that user root existed, but the only thing that  
> was amazing is;
>
> the spelling of root was changed from "root" to "R00t".
i changed
> to "root" and every thing worked.
>
> I want to ask, what is this, this doesnot seem a garbage value or  
> nor corruption of passwd file. only showing someone changes this.  
> Here we have bank private network, only two people have access  for  
> it  me and  another guy.
>
> what are your opinions??????
This is usually done to change the root account name to something  
else. This is most often done for security - as most hacking attempts  
use the username root. Changing this to something else means that all  
those attempts would fail. As long as the UID is set to 0, most  
system things won't care that the user root is now known as R00t.

--
Steven Haigh

Email: netwiz at crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9017 0597 - 0412 935 897

Somebody in the thread at some point said:
> the spelling of root was changed from "root" to "R00t".
i changed to
> "root" and every thing worked.
> 
> I want to ask, what is this, this doesnot seem a garbage value or nor
> corruption of passwd file. only showing someone changes this. Here we
> have bank private network, only two people have access  for it  me and 
> another guy.
> 
> what are your opinions??????
I have seen vi do this action when it didn't understand a keycode on teh
terminal you are using properly... change the case of a few letters next
to the cursor.  But IIRC that was busybox vi.

Is it crazy to propose someone opened /etc/passwd in vi, and saved it
out without noticing this had happened?

-Andy