rootsh on Solaris 10 is not sourcing root's .profile

I'm attempting to set up rootsh on Solaris 10 to log the activity of users who require root access. However, it does not appear to be sourcing root's .profile file even when run with the '-i' option. I was wondering if anybody else has run into this and might have a solution.

Thank you.

Are these users logging directly into root, or su'ing into root?

And are they using "su" or "su -"?

It seems rootsh is sourcing the user's .profile, not root's one. I would say it's a rootsh bug as the HOME variable is being kept unmodified.

I'm using rootsh via sudo, for example:

$ sudo rootsh -i

However, it does not seem to source root's .profile or .bash_profile, so my prompt remains unchanged and I don't inherit root's PATH, even though if I run an 'id' or 'who am i' I am effectively root.

I have yet to try on Solaris 9 to see if it has the same behavior, as the INSTALL file mentions only Solaris 9 as having been tested.

As I already wrote, rootsh is sourcing your profile, not root's one. You might detect who is sourcing your profile and set the PATH, HOME and whatever accordingly as a workaround.

Thanks, you are right, it is still sourcing my profile. If I manually set my $HOME variable to / then it sources root's profile.

What I've done is set up an if-then statement that checks the $LOGNAME of the user. If it's root then it runs root's profile. This appears to be working well as a workaround.

Thanks for the insight! :)
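The workaround described in the post above, written out as an added example (not code from the thread or from rootsh). It assumes root's home directory is `/`, that `LOGNAME` is `root` inside the rootsh session as reported above, and the function names are hypothetical.

```sh
# Added example for the user's own ~/.profile. Assumptions: root's home is "/",
# and LOGNAME is "root" inside the rootsh session while HOME is still the
# invoking user's home. Function names are hypothetical.

# Print the profile a root shell should load; fail if nothing should change.
# $1 = login name, $2 = current HOME, $3 = root's home directory
root_profile_for() {
    [ "$1" = "root" ] || return 1       # ordinary login: keep the user's profile
    [ "$2" != "$3" ] || return 1        # HOME is already root's: do not source twice
    [ -r "$3/.profile" ] || return 1    # no readable root profile to load
    echo "$3/.profile"
}

# Point HOME at root's home and source root's profile when the check passes.
# Arguments default to the live environment and to "/" for root's home.
apply_root_profile() {
    rp=`root_profile_for "${1:-$LOGNAME}" "${2:-$HOME}" "${3:-/}"` || return 0
    HOME="${3:-/}"
    export HOME
    . "$rp"
}

# Call from ~/.profile once the two functions are defined:
#   apply_root_profile
```

The second test in `root_profile_for` keeps the snippet from looping if the same lines are ever copied into root's own profile.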

Root access is only for the system administrator and nobody else, and that is final.
Set ACL entries and permissions instead of giving root access.

Root login is a bad practice but raising someone's privileges to perform administrative tasks is both correct and unavoidable.

ACL is one way, sudo is another one and RBAC is probably the best one with Solaris. rootsh is a portable wrapper that logs every command run by a user granted root access. Quite a good security compromise.

As you said, jigi, you have several solutions for this problem, but as I said, the root account is ONLY FOR SYS ADMIN and for nobody else.

I agree but you misunderstood my replies, perhaps because you do not know what rootsh is. Users whose tasks require full root access are by definition sys admins. Whether they are reliable / skilled or not is a totally different issue.

PS: not sure about why you use that "jigi" nickname but please use jlliagre instead.