On 16 February 2011 14:17, <m.roth at 5-cent.us> wrote: > What does lastlog | grep -v Never show you? > Hi Mark, This has shown something (potentially) interesting: [root at server ~]# lastlog | grep -v Never Username Port From Latest root pts/2 x.x.x.x Wed Feb 16 13:41:40 +0000 2011 webmaster pts/2 y.y.y.y Sun Dec 14 03:46:07 +0000 2008 So, I am logged in as root right now, however, the 'webmaster' entry is what is interesting me. The y.y.y.y address is the web dev's address (he hasn't logged in since sunday, he notified my yesterday when he tried to get back on that he couldn't). However he always uses the webdev account which lastlog shows as never logged in, so when accessing the VPS as the webdev user account are we somehow actually accessing the VPS as webmaster? Is it possible the VPS providers performed some crazy voodoo magic here? Perhaps I should change the password for the webmaster account (this doesn't have one according to the passwd file), so I could 'su - webmaster', set a password and then try and login as the webdev user? Or is this possibly going to make matters worse? -- James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?