sudo without password?

Some strange things are happening with my Ubuntu box today as a regular (non-root user):

• As soon as I log in, I can sudo without typing my password (normally, I believe I always have to type my password to sudo?)
• When I type cd ~, it tells me that I don't have permission to go to /root.
• Similarly, my bash prompt displays something like: user@host:/home/username instead of the more familiar user@host:~ that I'm used to.
• None of my profiles seem to be set up correctly anymore, everything seems to be thinking that my home directory is /root.
• Because of the previous bullet, I can't do things like run screen because it can't write a new profile in the /root directory.

It's probably useful to know that cating /etc/passwd shows that my user's home is /home/user and not /root.

I did just do a big apt-get upgrade, is this normal behavior for the new versions of my software? rkhunter reports some suspicious files, but they appear to have been there for awhile and seem legitimate (they look to be files related to Request Tracker). I can post the rkhunter logs if that helps anyone and is prudent. And chkrootkit shows up with nothing. Also unhide doesn't seem to notice anything. The only thing that rkhunter seems to be concerned about is my versions of openssl, openssh, php, GnPG. But doing a

sudo apt-get update; sudo apt-get upgrade; sudo apt-get dist-upgrade

Gives me no packages to upgrade.

Anyone have anything to suggest for how to fix this? Bonus points to anyone that can determine the cause of my problem.

UPDATE: As I said above, my /etc/passwd shows my home directory to be correct (/home/username), but when I echo $HOME it shows /root. Here's output:

user@hostname:/home/user$ getent passwd $USER
user:x:1000:1000:user,,,:/home/user:/bin/bash
user@hostname:/home/user$ echo $HOME
/root

UPDATE UPDATE: Thanks to suggestions here, I found that there was a .profile in /home/user that was exporting my HOME as /root. While I guess this is the work of some weird software I apt-get'd removing it seems to have fixed most of my issues.

Thanks everyone!

@Alberto thank you for your help, here's my responses: 1) /etc/passwd shows the correct shell, where else should I look for this? 2) I don't need to go to /root when I try to cd ~. 3) what do you mean? "in sudo mode". I'm not trying to sudo anything when I see that. In fact, I'm not trying to sudo anything at all, these problems are hinderances to my normal usage.

I like this. I had completely forgot to check $HOME and it does indeed say /root. Why would this have changed? And why is it not getting set by /etc/passwd? It does sound like my account has somehow become the same as root, but I don't want that. You mention vipw, any tips on what to change specifically? My /etc/passwd entry looks like any other user entry. Thanks again!

In /etc/passwd the last field for a given user is the default value of $HOME at login. If this is not the correct value, fix it there. If it is correct, then you might want to grep for HOME in ~/.* and see if it's being accidentally set at some point during signin. Remember that on Unix, setting an environment variable only affects a process and its children, so it's almost certainly something directly in one of your start-up scripts, rather than some random command. The exception would be if you eval some-command where that command outputs HOME=/root

@Phil, that's exactly what I did to find the mysterious .profile file. Thanks again :) Any idea why something would create such a file? It seems weird to me.

A profile file of some kind is possibly created with new accounts, since it is a common place for settings. New interactive login bash shells will read ~/.profile on startup. But to see this get set is worrying. { ls -l ~/.profile } and look at the permission indicators at the start. I'd expect/hope to see -rw-r--r-- or -rw------- where these set user/group/other read/write/execute permissions. If 'w' is set for anyone else, you have issues. Otherwise, I'd start getting very paranoid about intrusions. But I'm that sort of paranoid person.

@Phil P, I'm quite the paranoid type as well. The .profile was set to -rw-r--r--. That .profile is not at all like any of the other user's .profile's. Also, it mentioned FreeBSD at the top (it's an Ubuntu box) and "kensmith Exp" whoever that is. Any suggestions on intrusion detection beyond what we've done?

That is the default .profile copied from /usr/share/skel/dot.profile or the default root profile, from /usr/src/etc/root/dot.profile and kensmith is one of the FreeBSD commiters, Exp just a word in the CVS keyword tag. See freebsd.org/cgi/cvsweb.cgi/src... for the revision histories of those files and to see that Ken is okay. If HOME=/root came from that, perhaps you did something (invoke a bad script) to copy a file to ~/ while sudo'd to root and HOME was still your normal home. None of this explains that sudo was not prompting, so I still worry that your uid is 0 from passwd.