Gary Winiger wrote: >>> How will this affect audit of chown(2), acl(2)? In particular when >>> the audit trail file is processed on another system, or after a >>> reboot? Will ephermeral uid's be stored in the audit trail file? >>> How will praudit(1M), auditreduce(1M) be changed by this project? >>> >>> Gary.. >> This change doesn't change any syscalls. All it does is allow a user to >> specify SIDs and then uses the idmap(1M) API to convert those to >> ephemeral IDs. > > Right and doesn't it store ephemeral IDs in the audit trail file? > IIRC, ephemeral IDs were never supposed to survive reboots or > be transfered to other systems. Audit trail files can be moved > from the machine on which they were created; they can be processed > after the system has been rebooted. How are ephemeral IDs processed in > those environments? That is, "How will praudit(1M), auditreduce(1M) > be changed by this project?" praudit translates user/group IDs to > user/group names. auditreduce selects files based on fileowner > and or filegroup. > > Gary..
It probably does store ephemeral IDs in audit trails today. That sounds like a bug that has been then since PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris added support for ephemeral IDs. -Mark
