[cobalt-users] Strange entries in /etc/passwd -- possible security breach
- Subject: [cobalt-users] Strange entries in /etc/passwd -- possible security breach
- From: "Jolley, Carl" <Carl.Jolley@xxxxxxx>
- Date: Fri Aug 16 08:09:34 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
I recently took a look at my /etc/passwd file and found a couple of entries appended to the end of the file that I did not know about. They haven't always been there. The usernames are sauser and saroot; the home directory entries are /home/sauser and /home/saroot. The content of the files in those directories appears to be the Cobalt default stuff used when a new virtual host is created. For example, one of the files is /home/sauser/user/en_US/web/index.html and the content of that file makes reference to the Raq3.

Also strange is that the consecutive uid numbers assigned for the new users are quite a bit larger than the uid number of the last user I added. There are also entries in the /etc/shadow file for them, but the crypted password strings are 34 characters long rather than 13 like all my other entries. Both new passwd entries have gid values of 0, i.e. root's group.

Any thoughts? Is this stuff legit? Can I/Should I just remove the entries from the passwd file and remove the home directories? So far there are _apparently_ no logins for either of these two users based on the contents of the last log. Based on creation dates of the files in the respective home directories, these things appear to have been created 4 days ago,
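
The following is an added example, not part of the original message: a Python check for the three indicators the post describes (gid 0 on a non-root account, a uid that jumps well past the previous highest, and a shadow hash in a different format from the rest). A 34-character shadow string is consistent with MD5-crypt (`$1$`, an 8-character salt, `$`, 22 characters), against 13 characters for traditional DES crypt. The sample passwd/shadow data, the `webuser` account, the uid values and the `min_uid`/`max_gap` thresholds are constructed assumptions.

```python
from collections import Counter

# Constructed sample data (not from the poster's system); hashes are dummy strings.
DES = "ab" + "h" * 11                     # 13 chars: traditional DES crypt
MD5 = "$1$" + "s" * 8 + "$" + "h" * 22    # 34 chars: MD5-crypt ($1$salt$hash)
PASSWD = """root:x:0:0:root:/root:/bin/bash
admin:x:500:500::/home/admin:/bin/bash
webuser:x:501:501::/home/webuser:/bin/bash
sauser:x:1001:0::/home/sauser:/bin/bash
saroot:x:1002:0::/home/saroot:/bin/bash
"""
SHADOW = "\n".join(f"{u}:{h}:11900:0:99999:7:::" for u, h in
                   [("root", DES), ("admin", DES), ("webuser", DES),
                    ("sauser", MD5), ("saroot", MD5)])

def scheme(field):
    """Classify a shadow password field by its format."""
    if not field or field[0] in "*!":
        return "locked-or-empty"
    if field.startswith("$"):
        return {"1": "md5-crypt"}.get(field.split("$")[1], "other-modular")
    return "des-crypt" if len(field) == 13 else "unknown"

def audit(passwd, shadow, min_uid=500, max_gap=100):
    """Return {user: [reasons]} for the indicators described in the post."""
    schemes = {l.split(":")[0]: scheme(l.split(":")[1])
               for l in shadow.splitlines() if l.strip()}
    usual = Counter(schemes.values()).most_common(1)[0][0]
    findings, highest = {}, None
    for line in passwd.splitlines():          # file order: new accounts are appended
        if not line.strip() or line.startswith("#"):
            continue
        user, _, uid, gid = line.split(":")[:4]
        uid, gid, why = int(uid), int(gid), []
        if user != "root" and (uid == 0 or gid == 0):
            why.append("uid or gid 0 on a non-root account")
        if uid >= min_uid:
            if highest is not None and uid - highest > max_gap:
                why.append(f"uid jumps {uid - highest} past previous highest")
            highest = uid if highest is None else max(highest, uid)
        if schemes.get(user, usual) not in (usual, "locked-or-empty"):
            why.append(f"hash is {schemes[user]}, others are {usual}")
        if why:
            findings[user] = why
    return findings

if __name__ == "__main__":
    for user, why in audit(PASSWD, SHADOW).items():
        print(user, "->", "; ".join(why))
```

On a live host the two strings would be read from /etc/passwd and /etc/shadow (root required for the latter), with `min_uid` set to the platform's first regular-user uid.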