subject Token
The subject token describes a subject (process). The structure is the same as the process token:
-
A token ID
-
The user audit ID
-
The effective user ID
-
The effective group ID
-
The real user ID
-
The real group ID
-
The process ID
-
The session ID
-
A terminal ID made up of
-
A device ID
-
A system ID
-
This token is always returned as part of kernel-generated audit records for system calls. The audit ID, user ID, group ID, process ID, and session ID are long instead of short. Figure B–24 shows the token format.
Note –
The subject token fields for the session ID, the real user ID, or the real group ID may be unavailable. The entry is then set to -1.
For the Trusted Solaris 7 release, the process token can be displayed using a 64-bit device ID, in place of the 32-bit value.
For the Trusted Solaris 8 4/01 release, the terminal ID can report an IPv6 address by changing the format to use either 4 or 8 bytes to describe the device, 16 bytes to describe the type, and 16 bytes to describe the address.
A subject token is displayed by praudit as follows:
subject,root,root,staff,root,staff,552,552,24 3 patchwork
- © 2010, Oracle Corporation and/or its affiliates