subject Token

The subject token describes a subject (process). The structure is the same as the process token:

A token ID
The user audit ID
The effective user ID
The effective group ID
The real user ID
The real group ID
The process ID
The session ID
A terminal ID made up of
- A device ID
- A workstation ID

This token is always returned as part of kernel-generated audit records for system calls. The audit ID, user ID, group ID, process ID, and session ID are long instead of short. Figure B-25 shows the token format.

Note -

The subject token fields for the session ID, the real user ID, or the real group ID may be unavailable. The entry is then set to -1.

A subject token is displayed by praudit as follows:

subject,root,root,staff,root,staff,552,552,24 3 patchwork

Previous: socket-inet Token
Next: text Token