problem about audit

tianyong1979sh tianyong1979sh at 126.com
Tue Mar 9 01:37:50 UTC 2010 

hi,
     Here there is a question ,and please help me .
     my work is that when user input "getfacl" or "setfacl", whatever success or failed, 
the process of auditd can log this operation and the operation type is AUDIT_DAC_CHECHK that is defined in libaudit.h .
     In order to reach the destination ,i modified the codes in the packets of acl-2.2.39 and audit-1.7.7 .
     Firstly ,i added the function audit_log_acct_message()  in the file of getfacl.c and setfacl.c in the audited place and 
the function audit_log_acct_message() is in file audit_logging.c of the audit-1.7.7.
     Secondly, i make the the project of  acl and the result is ok .And i run the object file of getfacl. 
When the user is root,the audit message of getfacl operation can be logged.But when the user is normal user,the audit message cann't 
be logged. The VAR "errno" value is "Operation not permitted".when i execute the command "chmod u+s getfacl" as root. and then 
the audit message of getfacl operation can be logged au normal user.
     how i can reslove the problem that when normal user and normal authority execute the command "getfacl" ,the audit system still can log the operation?????  
   
   thank you very much. i am looking forward to your reply!!!
   
   
                                                           tianyong 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20100309/d6de16d0/attachment.htm>

More information about the Linux-audit mailing list