Logging all commands after a sudo su -

Hi there,

It might seem tricky, I confess.

We use sudo to allow people to initiate privileged commands (but not all commands) on our Unix systems.

To bypass this, some people initiate the sudo su - command.

The main issue is to 'know' what those people do when they gain root access.

Is there a way to have a log of all commands done by a user when they have gained root access? This way, we could at least know what they do.

Regards,

Logging commands is a part of many packages, including ACL extensions. Your question is too general because you did not specify the OS.

Also, try the logfile options available in the sudoers configuration file and see if there is anything there to help you.

If you restrict the sudo configuration to a bare minimum number of commands per user, you should be ok with standard sudoers logging.

man sudoers

In other words, you should not give sudoers permission to use vi.

This is discussed in the sudo man page:

So... don't give users permissions to programs that allow shell escapes...... Heck, on our systems, no one is allowed to sudo... and if they were, they would be given very limited command privs.... (certainly not vi !)

... and not su :)

If people can do that then why do they need sudo? I suggest you look at sudoers carefully and set it up correctly so that cannot happen.

We use Solaris OS here.

Some of our sudoers have found that they can just enter:

sudo su -

So they become root.

What bothers us more is the fact that when they have done so there is no way we can trace back each command a user has done while they are root.

I am looking for a way to permit some users to become root (sudo su - or simply su) if we can trace what they do while they are root.

Is this possible?

Regards,

Yes, you need to configure the sudoers configuration file and restrict what users do and how they are logged.

You have NOT discovered a 'back door'; you have SIMPLY not configured sudo and sudoers properly. (See post above.)
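
An added example, not part of any post in this thread: a sudoers fragment that sets the advice above (restrict the command list, use the sudoers logging options) beside the weak rule that allows sudo su -. Group names, paths and the command list are assumptions, and LOG_OUTPUT needs a sudo build with I/O logging support.

```sudoers
# Constructed example: group names, paths and commands are assumptions.
# Edit with visudo so syntax errors are caught before the file is installed.

# --- Weak: grants every command, so "sudo su -" or a vi shell escape
# --- yields a root shell; sudo logs the su itself and nothing typed afterwards.
# %ops      ALL=(ALL) ALL

# --- Corrected ---
# Write one line per sudo invocation to a dedicated file (syslog is the default).
Defaults    logfile=/var/log/sudo.log
# Directory for recorded sessions (used by the LOG_OUTPUT tag below).
Defaults    iolog_dir=/var/log/sudo-io

# Explicit allow-list instead of ALL: no shells, no su, no editors.
Cmnd_Alias  SVC_OPS = /usr/sbin/svcadm restart *, /usr/sbin/svcadm refresh *

# NOEXEC stops a dynamically linked command from running further programs
# (the shell-escape path); it depends on noexec support on the platform.
%ops        ALL=(root) NOEXEC: SVC_OPS

# File edits go through sudoedit, which runs the editor as the invoking
# user rather than as root.
%ops        ALL=(root) sudoedit /etc/hosts

# The few people who need a full root shell get it with terminal output
# recorded; echoed commands appear in that output. Review with:
#   sudoreplay -l            (list recorded sessions)
#   sudoreplay <session-id>  (replay one)
# The recordings sit on the same host, so root can alter them; copy or
# forward them elsewhere if they must serve as an audit trail.
%rootadmins ALL=(root) LOG_OUTPUT: /usr/bin/su -
```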