Would you mind sharing more details about your situation, and what your
goal and resons for wanting this are? It sounds like you're placing an
exceptional amount of trust in a lot of people.

All privileged log-ins are recorded in /var/log/auth.log, so that's a
good place to start if you want to track privileged log-ins.

See the examples in syslog.conf(8).

Sorry, that's syslog.conf(5).

If you run a script to watch for any changes to /var/log/auth.log, you may be able to watch for messages about "su to root" and then use 'wall' to broadcast a message to users who are root? This might work but I'm not really sure.

Manas

Thank you for your time.

I added that line to my /root/.cshrc file, but it does not work if I add
set watch = (0 root any).
The users use bash, root uses csh. If I add set watch = (any any) it
only prints the users already loggen on, no notifications are send when
a new user su to root like below.

[***@desk ~]$ su
Password:
johanh has logged on pts/0 from 123.124.123.2.provider.nl
johanh has logged on pts/1 from 123.124.123.2.provider.nl
johanh has logged on pts/2 from 123.124.123.2.provider.nl
[***@desk ~]#

This is FreeBSD 10.2 amd64 btw

regards

Johan

Op 3 jun. 2016 14:56 schreef "Brandon J. Wandersee" <
session?
What I would like is a message like you get on the console when someone su
to root. So if I am logged in as root that I would get the message from the
first console also in a ssh session.
It is not about trust, but in case of trouble it sometimes happens two
people are working on the same issue.
So sysadmin 1 log in and become root. He starts to do his thing. Then
sysadmin 2 read the same ticket and logs in also.
They are not aware that they both work on the same problem.
If sysadmin 2 become root and sysadmin 1 sees that because he saw the su to
root then he could notify sysadmin 2 that he is already working on it.

But set watch = (0 all all ) shows logged in users so that way sysadmin 2
sees that one is already logged in so it helps already. But the su message
would be nice.