How do I know if my password (/etc/passwd) file has been compromised?
Look for these things in your /etc/passwd file:

* The last field in a passwd entry is the login shell. Only root and the user accounts that you have set up (and possibly a database account like postgres) should have a real shell there. System accounts have something else in that field, for example: sync (/bin/sync), shutdown (/sbin/shutdown), xfs (/bin/false).

* Check the UID, which is the number in the third field (fields are delimited by colons). Only root should have UID 0.

* Look for user names you don't recognize.

2000-Mar-23 9:19am furnstahl.1@osu.edu
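
The three checks above as a script, added here as an example and not part of the original FAQ answer. The account lists LOGIN_OK and SYSTEM_OK, the finding labels, the nologin entry and the sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the three checks above to a passwd-format file.
# Both lists are assumptions; replace them with the accounts you created.
LOGIN_OK="root alice postgres"      # accounts expected to have a real shell
SYSTEM_OK="sync shutdown xfs"       # recognized accounts that must not log in

# audit_passwd FILE: prints one finding per line, returns 1 if there are any.
audit_passwd() {
    awk -F: -v login="$LOGIN_OK" -v sys="$SYSTEM_OK" '
        BEGIN {
            n = split(login, a, " "); for (i = 1; i <= n; i++) can_login[a[i]] = 1
            n = split(sys, b, " ");   for (i = 1; i <= n; i++) known[b[i]] = 1
        }
        NF == 0 { next }                              # blank line
        NF != 7 { print "MALFORMED line " NR; bad = 1; next }
        {
            # An empty seventh field means the default shell, /bin/sh.
            shell = ($7 == "") ? "/bin/sh" : $7
            # Non-login entries named on the page, plus nologin (assumption).
            inert = (shell ~ /\/(false|nologin|sync|shutdown)$/)
            if ($3 == 0 && $1 != "root") { print "UID0 " $1; bad = 1 }
            if (!inert && !($1 in can_login)) { print "SHELL " $1 " " shell; bad = 1 }
            if (!($1 in can_login) && !($1 in known)) { print "UNKNOWN " $1; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample, not taken from a real system.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
xfs2:x:44:44::/tmp:/bin/sh
toor:x:0:0::/root:/bin/bash
EOF
audit_passwd "$SAMPLE" || echo "Findings listed above: review each entry."
```

Run it against a copy of your own file with `audit_passwd /etc/passwd` after editing the two lists; a clean file produces no output and a zero exit status.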

This document is: http://www.physics.ohio-state.edu/cgi-bin/fom?file=89