diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 6491786591..889b00738d 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -45794,8 +45794,7 @@ privilege-escalation: elevation_required: true command: | useradd --create-home --shell /bin/bash art - su --login art - echo 'echo "Atomic Red Team was here... T1546.004" >> $HOME/art.txt' >> $HOME/.bash_logout + su -l art -c "echo 'echo \"Atomic Red Team was here... T1546.004\" >> /home/art/art.txt' >> /home/art/.bash_logout; exit" cleanup_command: 'userdel -fr art ' @@ -69751,8 +69750,7 @@ persistence: elevation_required: true command: | useradd --create-home --shell /bin/bash art - su --login art - echo 'echo "Atomic Red Team was here... T1546.004" >> $HOME/art.txt' >> $HOME/.bash_logout + su -l art -c "echo 'echo \"Atomic Red Team was here... T1546.004\" >> /home/art/art.txt' >> /home/art/.bash_logout; exit" cleanup_command: 'userdel -fr art ' diff --git a/atomics/Indexes/linux-index.yaml b/atomics/Indexes/linux-index.yaml index 465b525056..cb8a3ffa5b 100644 --- a/atomics/Indexes/linux-index.yaml +++ b/atomics/Indexes/linux-index.yaml @@ -26081,8 +26081,7 @@ privilege-escalation: elevation_required: true command: | useradd --create-home --shell /bin/bash art - su --login art - echo 'echo "Atomic Red Team was here... T1546.004" >> $HOME/art.txt' >> $HOME/.bash_logout + su -l art -c "echo 'echo \"Atomic Red Team was here... T1546.004\" >> /home/art/art.txt' >> /home/art/.bash_logout; exit" cleanup_command: 'userdel -fr art ' @@ -40464,8 +40463,7 @@ persistence: elevation_required: true command: | useradd --create-home --shell /bin/bash art - su --login art - echo 'echo "Atomic Red Team was here... T1546.004" >> $HOME/art.txt' >> $HOME/.bash_logout + su -l art -c "echo 'echo \"Atomic Red Team was here... T1546.004\" >> /home/art/art.txt' >> /home/art/.bash_logout; exit" cleanup_command: 'userdel -fr art ' 
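Review bot: The added `su -l art -c "…"` line replaces `$HOME` with the literal `/home/art`, which ties the test to hosts where useradd's home base is `/home`; elsewhere the append to `.bash_logout` fails and the atomic leaves no artifact for a detection to match. Escaping the variable keeps it portable while still expanding in art's shell rather than the caller's: `>> \$HOME/art.txt' >> \$HOME/.bash_logout; exit"`. The trailing `; exit` also deserves a sentence in the test description, because bash reads `~/.bash_logout` from a non-interactive login shell only when the `exit` builtin runs, and without that explanation it looks removable. The same line appears in the persistence hunk of this file, in both hunks of linux-index.yaml and in T1546.004.md. The index files look generated, so the edit presumably belongs in the atomic's source YAML, which is not visible here.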
diff --git a/atomics/T1546.004/T1546.004.md b/atomics/T1546.004/T1546.004.md index 429f16b50d..a836825d6a 100644 --- a/atomics/T1546.004/T1546.004.md +++ b/atomics/T1546.004/T1546.004.md @@ -270,8 +270,7 @@ This test creates the art user, logs in, creates a .bash_logout which will echo ```bash useradd --create-home --shell /bin/bash art -su --login art -echo 'echo "Atomic Red Team was here... T1546.004" >> $HOME/art.txt' >> $HOME/.bash_logout +su -l art -c "echo 'echo \"Atomic Red Team was here... T1546.004\" >> /home/art/art.txt' >> /home/art/.bash_logout; exit" ``` #### Cleanup Commands: