Do you mean "the service cannot be taken down long enough to replace the OS"?
root user.
Re: root user.
I would probably migrate the service to a different server. The downtime should be quite short, if done properly.
(Shorter than a reboot of a hardware server. You do reboot when you get a kernel update, don't you?)
Step 1: Does any service on the server refer to the username "testuser"?
If yes, then update them to use a different account.
Step 2: Verify that you can become root without the "testuser".
Step 3: Remove the "testuser" entry from /etc/passwd
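
The three steps above as shell functions, added here as an example and not part of the original post. The function names, the sample files, and the UID 0 on the sample "testuser" line are assumptions made for illustration; the step 2 check only confirms that an independent root entry remains in the file, so an actual login or su test as root is still needed, and the functions are meant to be tried on copies of the files first.

```shell
#!/bin/sh
# Added example (not from the original post). All paths are arguments.

# Constructed sample data: a passwd copy and one service config.
make_sample() {                # make_sample DIR
    mkdir -p "$1/conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'testuser:x:0:0::/home/testuser:/bin/bash' \
        'daemon:x:1:1::/:/usr/sbin/nologin' > "$1/passwd"
    printf 'User=testuser\n' > "$1/conf/app.service"
}

# Step 1: print files under the given paths that mention USER as a whole word.
find_references() {            # find_references USER PATH...
    user=$1; shift
    [ $# -gt 0 ] || return 0
    grep -rlw -- "$user" "$@" 2>/dev/null
}

# Step 2 (partial): succeed only if a "root" line with UID 0 exists
# that is not USER's own line.
root_entry_remains() {         # root_entry_remains USER PASSWD_FILE
    awk -F: -v u="$1" '$1 != u && $1 == "root" && $3 == 0 { ok = 1 }
                       END { exit !ok }' "$2"
}

# Step 3: drop USER's line, keeping a backup. Returns 1 if USER is still
# referenced, 2 if no independent root entry would remain.
remove_entry() {               # remove_entry USER PASSWD_FILE PATH...
    user=$1; pw=$2; shift 2
    refs=$(find_references "$user" "$@" || true)
    if [ -n "$refs" ]; then
        echo "still referenced in:" >&2; echo "$refs" >&2; return 1
    fi
    root_entry_remains "$user" "$pw" ||
        { echo "no independent root entry" >&2; return 2; }
    cp -p "$pw" "$pw.bak" &&
    awk -F: -v u="$user" '$1 != u' "$pw.bak" > "$pw"
}
```
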