Mike, is this distro dependent or does it affect all distros? Thanks, Steve
-----Original Message----- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Michael MacIsaac Sent: Monday, December 19, 2016 9:12 AM To: LINUX-390@VM.MARIST.EDU Subject: Root, sudo, su and preserving audit trail Hi, We cannot SSH as root in our organization which is good for preserving audit trail because all users must use their own credentials. I (but not all users) can then 'su to root', and my login user is preserved in the environment variable SUDO_USER. However, then as root I can 'su to another user' and the audit trail seems to be lost. Has anyone solved this issue? # env | grep mike USER=mike ... # sudo -i mike's password: # env | grep mike SUDO_USER=mike <audit trail is preserved> # su - zadmin env | grep mike <no output - audit trail is lost> Please don't say just don't allow root to su to another user - it is necessary. What I want is to preserve the SUDO_USER value with the initial login ID no matter how many times su is used. Any thoughts would be appreciated. Thanks. -Mike MacIsaac ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/