I have seen vi do this action when it didn't understand a keycode on teh
terminal you are using properly... change the case of a few letters next
to the cursor. But IIRC that was busybox vi.
Is it crazy to propose someone opened /etc/passwd in vi, and saved it
out without noticing this had happened?
If you suspect your box has been rooted, then perhaps it is time to do
some checking.
rpm -Va
Also, have you ever updated the box?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
