This content has been marked as final. Show 1 reply
The location of the session history file is stored accoding to the $HISTFILE environment variable, set a login. You could probably try to modify $HISTFILE and experiment with history -w and history -r commands. The challange will be to find out what user did the su - root command. I would not recommend to pursue this any further, since it creates a very exotic setup.
I think the easiest solution to your problem is the sudo command. The sudo command will execute a command as user root, but the session history will be kept in the users session history file. You can modify the /etc/sudoers file using the visudo command to add uers to sudoer's list and also restrict what commands they can use on an individual or group basis. The sudo command will also give you more control and security because it does not prompt the user for the root password, but their own user account password.