Quote:
Originally Posted by Reboot
 You can set the default login shell as Bash.
This shell has a tool known as History.
If anyone logged in with this shell executes a command, that command will get stored and appended to the /.bash_history file.
You can make a script which will mail you the contents of /.bash_history
at your will and you will have all commands executed by root with
you...
|
Ah, but what happens if you have two people logged in as root at the same time? It would be a bit tough to distinguish one session from another...
I suppose you could use 'script "/some/log/dir`who am i | awk '{ print $1 }'`-`date`"' ...
As for moving the users over to another access model, set up the 'new way' and show the users. You can reassure them that they will retain their su rights to root for now to give them a chance to evaluate the new method. Watch the sulog file and contact the person each time they use su to ask what they tried to do via sudo but couldn't. You can then fix whatever it was (or remind them that the access will be taken away and they should be finding all the issues before it's too late).
Once you have all the problems cleared up, change the password to something only you know.
If you meet resistance, talk to your risk team and show them the very big risk involved in having more than one person able to do work as root without being able to trace who did what. Risk guys hate being unable to trace things back to a single person.
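
Added example, not part of the original posts: one way to do the "watch the sulog file" step is to summarise su-to-root attempts per user, so you know whom to contact. It assumes the classic sulog line layout `SU MM/DD HH:MM {+|-} tty fromuser-touser`; the function names and the sample entries are constructed for illustration, and the location of sulog varies by system.

```shell
#!/bin/sh
# Summarise su-to-root attempts per user from a sulog file.
# Assumed line layout: SU MM/DD HH:MM {+|-} tty fromuser-touser
# ("+" = successful su, "-" = failed attempt).

su_to_root_report() {
    # $1: path to the sulog file.
    # Prints one line per user: user ok=<n> fail=<n> last=<MM/DD HH:MM>
    awk '
        $1 == "SU" && $6 ~ /-root$/ {
            user = substr($6, 1, length($6) - 5)   # strip trailing "-root"
            if (!(user in seen)) { seen[user] = 1; order[++n] = user }
            if ($4 == "+") ok[user]++; else fail[user]++
            last[user] = $2 " " $3                 # most recent attempt
        }
        END {
            for (i = 1; i <= n; i++) {
                u = order[i]
                printf "%s ok=%d fail=%d last=%s\n", u, ok[u], fail[u], last[u]
            }
        }
    ' "$1"
}

# Constructed sample entries (not real log data).
sample_sulog() {
    cat <<'EOF'
SU 03/02 09:14 + pts/1 alice-root
SU 03/02 09:40 - pts/4 bob-root
SU 03/02 09:41 + pts/4 bob-root
SU 03/02 10:05 + pts/2 alice-oracle
SU 03/03 16:22 + pts/1 alice-root
EOF
}

# Run the report over the constructed sample.
demo() {
    tmp=$(mktemp) || return 1
    sample_sulog > "$tmp"
    su_to_root_report "$tmp"
    rm -f "$tmp"
}

demo
```

Entries for targets other than root (the `alice-oracle` line in the sample) are ignored, and failed attempts are counted separately from successful ones.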