Well, you are moving the goalposts like crazy, considering you were just executing a simple command with your original example, but let me search it and demonstrate the rest of it, rather than your Ctrl-F find one option in question:
https://manpages.ubuntu.com/manpages/noble/en/man8/sudo.8.ht...
-E, --preserve-env
--preserve-env=list
-H, --set-home
-i, --login
-s, --shell
The sudoers policy subjects environment variables passed as options to the same restrictions as existing environment variables with one important difference. If the setenv option is set in sudoers, the command to be run has the SETENV tag set or the command matched is ALL, the user may set variables that would otherwise be forbidden.
I am not sure what is meant by "masquerading as root" -- effective UID rather than real UID? "sudo" should set both to the target; there is no masquerading, even if you end up in a root shell with features of the invoking user's environment, those relevant variables should've been adjusted in the process.
So what you're proposing to do is to escalate privilege using "sudo"s security model and configuration, which may add, suppress, or alter environment variables, as well as SELinux and resource limits and cgroups or whatever, and then have a second go-round through "su" may alter the environment further, making for an unpredictable interaction. Hopefully it's all harmonized through PAM, but all you wanted is an interactive shell. Why try to justify this copy-paste idiom?
In fact, I could rewrite your original snippet as
sudo ls /sys/module
Why are you even opening an interactive shell to do one simple command? If that's all you want, then learn and use the appropriate idiom for it. "sudo(8)" was originally designed to run one-off commands without invoking that shell. In fact, security experts will tell you not to leave root shells open at any time. If you can run a "sudo command" and return to your user shell, then that is best practice.
