I'm performing a checklist audit of a linux system (openSUSE 11.3), and ran into something that may or may not be an issue. One of the sections of the audit program requires verification of "appropriateness" of user accounts on the system. This includes reviewing the etc/passwd, etc/group and etc/sudoers files. I found several accounts in the etc/sudoers file that were not in the etc/passwd file. According to this audit program, this is an "exception" and results in an audit failure.

My problem with these checklists audits are that they don't specify what the real risk is for any of these "exceptions". I've been googling this problem, and haven't found a clear answer, so I'm hoping you guys could help me. Is there actually any risk of having accounts in the sudoers file, even if said accounts no longer exist on the system? My guess is that maybe it's possible to perform some sort of privilege escalation with it? Any advice you can give me would be greatly appreciated. Thanks!