# have i been rooted?

## TheCoop

ive jsut found this in my /etc/passwd:

+:*:0:0:::/etc/NoShell

i havent been able to find anything else, but what could anyone have done with this user?

----------

## adsmith

hmm.. that's bizarre.  run rkhunter, perhaps

----------

## speed_bump

Note that this also looks like an entry that NIS used to basically say: 

After this point, check the NIS database for username information. 

So the question is: are you using NIS? I don't believe that the particular line in question is strictly necessary in modern NIS implementations. That behavior is now usually handled by /etc/nsswitch.conf. However, if you grabbed a password file from an older system, it may well contain that line.

----------

