what is in /etc/nsswitch.conf?

Sorry that was wrong server!

j1@squid2:/etc$ more /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: files ldap
group: files ldap
shadow: files ldap
# passwd_compat: ldap
# group_compat: ldap
# shadow_compat: ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files
netmasks: files
netgroup: files
bootparams: files

automount: files
aliases: files

Do /lib/nsswitch* files exist? Or perhaps they are under /lib64 or so. I would also check if they are tampered with, but don't know how to verify that with apt or dpkg. See man nsswitch.conf.

Edit: dpkg -S to find the package that contains the nsswitch libs, dpkg -V to verify it.

/lib/x86_64-linux-gnu/libnfsidmap/nsswitch.so last changed 09/06/2012

Sorry, I meant files named libnss*. These are the libraries that implement /etc/passwd lookup, ldap lookup etc. Something is wrong with that.

I tried:
root@squid2:/$ id -u
1079
root@squid2:/$ id -u root
0

So I tried:
root@squid2:/$ su root
Password:
root@squid2:/# id
uid=0(root) gid=0(root) groups=0(root)

So now I really should be root.
So I tried:
root@squid2:/tmp# ls -l /var/log/squid

And I got:

total 1409632
-rw-r--r-- 1 root root 1887934 Dec 11 2014 192.168.9.80.log.1
-rw-r----- 1 proxy proxy 48950958 Jun 25 2014 24_6.log.gz
-rw-r--r-- 1 root root 72665 Jan 21 2015 443.log.1
-rw-r--r-- 1 root root 214444 Jul 11 18:41 54_40.log.1
-rw-r----- 1 proxy proxy 101576098 Oct 12 13:33 access.log
-rw-r----- 1 proxy proxy 34874008 Oct 12 06:25 access.log.1
-rw-r----- 1 proxy proxy 456533072 Dec 16 2014 access.log.2
-rw-r----- 1 proxy proxy 582262720 Dec 10 2014 access.log.2a
-rw-r----- 1 proxy proxy 1925281 Oct 11 06:25 access.log.2.gz
-rw-r--r-- 1 root root 4007416 Apr 25 2014 c14.log.1
-rw-r--r-- 1 root root 4464344 Apr 25 2014 c14t.log.1
-rw-r----- 1 proxy proxy 116984 Oct 12 13:32 cache.log
-rw-r----- 1 proxy proxy 9855 Oct 12 05:47 cache.log.1
-rw-r----- 1 proxy proxy 1606 Oct 11 05:47 cache.log.2.gz
-rw-r--r-- 1 root root 1070458 Jun 25 2014 childline.log.1
-rw-r--r-- 1 root root 0 Jan 8 2014 jami281299.log.1
-rw-r--r-- 1 root root 189285 Jan 20 2015 owa.log.1
-rw-r----- 1 proxy proxy 153640027 Oct 12 13:33 store.log
-rw-r----- 1 proxy proxy 44776755 Oct 12 06:25 store.log.1
-rw-r----- 1 proxy proxy 6829053 Oct 11 06:25 store.log.2.gz

So what happened?? Have I got two root users 0 and 1079?

If so how to I get rid of the imposter?

OK, I think I found it, I use windows AD so users can authenticate from the windows domain and there is a windows user called root:

root@squid2:/tmp# getent passwd | grep root
root:x:0:0:root:/root:/bin/bash
root:*:1079:65534:root:/home/CSE/root:/bin/bash

That user has been there for years and I've never had this problem before!

Thanks for your help.

you can still try: ypcat passwd | grep root
to check it.
(if you really want to say thanks just click on yes)

I still don't quite understand, but perhaps I just misunderstand how this works. I would think that the nsswitch.conf line
means we first check local files (i.e. /etc/passwd) and, if the user is not found there, we check ldap, i.e. AD. So why is the root user pulled from AD instead of /etc/passwd? Mysterious.

Great that you found the solution.

Yes, I agree. I'll investigate further, probably starting in auth.log, but at least it's working now.
Thanks again.

(if you really want to say thanks just click on yes)
do you have any news?

I assume you tried it not as root user. if you were root user - you actually aren't - and you have a SERIOUS issue not yet discussed

so your not root you expect it to work LFS (linux file structure "standards".

$ chmod 755 /var/
$ chmod 755 /var/log/

you can chmod +r *.log however many are by default not world readable (created by syslog that way)

there may be logs you can read in /var/log, but i'm unsure of modes of ones you mentioned