test

System Administration Guide: Security Services

subject Token

The subject token describes a user who performs or attempts to perform an operation. The format is the same as the process token. The subject token has nine fields:

The subject token is always returned as part of kernel-generated audit records for system calls. The praudit command displays the subject token as follows: 


subject,cjc,cjc,staff,cjc,staff,424,223,0 0 quisp

The audit ID, user ID, group ID, process ID, and session ID are long instead of short.

Note –

The subject token fields for the session ID, the real user ID, or the real group ID might be unavailable. The value is then set to -1.

Any token that contains a terminal ID has several variations. The praudit command hides these variations on output of the terminal ID so that they all appear the same. This field is handled the same way for any token that contains it. The terminal ID is either an IP address and port number, or a device ID, such as the serial port that is connected to a modem, in which case it is zero. The terminal ID is specified in one of several formats:

For device numbers:

For port numbers in the Solaris 7 release or earlier releases:

For port numbers in the Solaris 8 or 9 releases:

The following figure shows the format of the subject token.

Figure 25–26 subject Token Format

The preceding context describes the graphic.