On 5/22/19 12:34 PM, Steve Grubb wrote: > I think this is the right fix: > > diff -urp shadow-4.6.orig/src/useradd.c shadow-4.6/src/useradd.c > --- shadow-4.6.orig/src/useradd.c 2019-05-21 08:26:12.533328554 -0400 > +++ shadow-4.6/src/useradd.c 2019-05-22 12:21:46.305293997 -0400 > @@ -1955,9 +1955,14 @@ static void usr_update (void) > #endif /* ENABLE_SUBIDS */ > > #ifdef WITH_AUDIT > + /* > + * Even though we have the ID of the user, we won't send it now > + * because its not written to disk yet. After close_files it is > + * and we can use the real ID thereafter. > + */ > audit_logger (AUDIT_ADD_USER, Prog, > "add-user", > - user_name, (unsigned int) user_id, > + user_name, AUDIT_NO_ID, > SHADOW_AUDIT_SUCCESS); > #endif > /*
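
Review bot: The new comment above the audit_logger call in usr_update says the real ID can be used after close_files, but no later record carrying user_id is visible in this hunk, so as shown the add-user event is logged with AUDIT_NO_ID and the numeric ID is not tied to it here. Consider naming in the comment the later audit call that reports the ID, or stating that a name-only record is intended for this event. In the same comment, "because its not written to disk yet" should read "because it's not written to disk yet".
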
I tested this and it looks good. Thanks Steve, I really appreciate the help.

LCB

--
Lenny Bruzenak
MagitekLTD
