Mark Shellenbaum wrote:
> Gary Winiger wrote:
>>>> How will this affect audit of chown(2), acl(2)? In particular when
>>>> the audit trail file is processed on another system, or after a
>>>> reboot? Will ephemeral uid's be stored in the audit trail file?
>>>> How will praudit(1M), auditreduce(1M) be changed by this project?
>>>>
>>>> Gary..
>>> This change doesn't change any syscalls. All it does is allow a user
>>> to specify SIDs and then uses the idmap(1M) API to convert those to
>>> ephemeral IDs.
>>
>> Right and doesn't it store ephemeral IDs in the audit trail file?
>> IIRC, ephemeral IDs were never supposed to survive reboots or
>> be transferred to other systems. Audit trail files can be moved
>> from the machine on which they were created; they can be processed
>> after the system has been rebooted. How are ephemeral IDs processed in
>> those environments? That is, "How will praudit(1M), auditreduce(1M)
>> be changed by this project?" praudit translates user/group IDs to
>> user/group names. auditreduce selects files based on fileowner
>> and/or filegroup.
>>
>> Gary..
>
> It probably does store ephemeral IDs in audit trails today. That sounds
> like a bug that has been there since
>
> PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
>
> added support for ephemeral IDs.
>
> -Mark

I will run a test and see what currently gets audited with ephemeral IDs.

-Mark
