It used to be common practice to have a statically linked shell for an
alternative root account, as in:
root❌0:0:root:/root:/bin/bash
toor❌0:0:root recovery account:/root:/sbin/sash
This causes problems with passwd NSS tests because a UID-based lookup
will only retrieve one of those entries. The original version of
nss/bug17079.c detected this, but failed to use this information later
on.
