auid field when switching user
Guillaume L.
snnijd at gmail.com
Wed May 6 14:39:16 UTC 2015
Bonjour,
I'm trying to use auditd to log all actions made by the users on the
system. This part works fine.
The documentation mention the "auid" field to identify the user from the
first connection "even" when the user's identity changes (like with a su):
auid=500
The auid field records the Audit user ID, that is the loginuid. This ID is
assigned to a user upon login and is inherited by every process even when
the user's identity changes (for example, by switching user accounts with
the su - john command).
But this is not working. If I log with the user "test" (uid 1000) when I
switch to the user root, the value of auid is 0 (the uid of root).
Did I missing something ?
Thank you in advance.
Regards,
--
Guillaume
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20150506/695ff933/attachment.htm>
More information about the Linux-audit
mailing list