Should "su" change the USER environment variable?

[bob%ucla-locus at sri-unix.UUCP]

From:            Bob English <bob at ucla-locus>

There are many ways of preventing people from putting semi-random
garbage in /etc/utmp.  The simplest way that I know of is to make
login a simple executable file rather than a set-uid program.  If
you want to keep people from fooling themselves, make login mode
700.

I'm not sure that a layered login is a good idea (it invites
look-alikes), but I would be interested in knowing how it was
done if someone has actually done it.

One possibility is to have login fork off the shell (rather than
execing) and clean up when the shell exits.  This is what init
does now for login.

--bob--