Originally posted by dave bean
try using su -
Which is equal to get the environment variables of the user root. A better way to monitor this is using the sudo command. This actually registers any actions which have been made to become root.
visudo (used only to edit the sudo access file)
Uncomment the group wheel (with passwd access)
Make the user a member of wheel, so it will be able to sudo like:
usermod -G users,wheel username
Then if you are login-in as that user, try: sudo su -
Which is the same as su - , but much more reliable and registers every wrong entered passwd in your syslog or message log file.
Hope this helps,