Originally Posted by Ramurd
in /etc/passwd you check the UID; if it's 0, it's "root" access, otherwise User
Check for numerically equal to 0 because :00: is a zero value not identical as a string to :0: .
As for what accounts have access to root if they do something .. there is a great amount to check including file owners/groups/modes for all s/w run as root to ensure the user cannot replace it. (e.g. Red Hat ships rpm s/w owned by rpm rather than root even when everybody knows root runs rpm.)
Unpatched s/w might give root access to all local users; or even remote users.
Rules in sudoers need to be examined. Commands that run shells and commands that write files are dangerous.
Networking trust (rlogin/shell/NFS).