[PATCH] enable /proc/$$/loginuid
Steve Grubb
sgrubb at redhat.com
Mon Jan 17 17:18:16 UTC 2005
On Monday 17 January 2005 11:50, Inder Kumar wrote:
> Move loginuid (accountability information) to the task_struct. Why are
> you using "loginuid" for accountability?
We need to know who they logged in as. Some people log in and then do 'su root'
and perform actions. We need to know who root logged in as.
> What if two different users login using the same "loginuid" ?
I suppose they are considered the same person.
> Also, what is the advantage of using NETLINK sockets?
It's a way of getting kernel information to userspace.
> It looks like the information is passed to user-space for no reason.
> The same information will be passed back to the kernel by the
> syslog routines.
Actually, the audit subsystem decides where to send things - to a special daemon
or syslog. The information is being passed to userspace for a reason. Some
installations require that it be logged with great care. Syslog does not
meet the requirements for those users.
> What is the point in doing such processing? Why are you not writing
> records directly from the kernel to the audit file?
That's what the userspace daemon does.
-Steve Grubb