test

System Administration Guide: Security Services

subject Token

The subject token describes a user who performs or attempts to perform an operation. The format is the same as the process token. The subject token has nine fields:

The audit ID, user ID, group ID, process ID, and session ID are long instead of short.

Note –

The subject token fields for the session ID, the real user ID, or the real group ID might be unavailable. The value is then set to -1.

Any token that contains a terminal ID has several variations. The praudit command hides these variations. So, the terminal ID is handled the same way for any token that contains a terminal ID. The terminal ID is either an IP address and port number, or a device ID. A device ID, such as the serial port that is connected to a modem, can be zero. The terminal ID is specified in one of several formats.

The terminal ID for device numbers is specified as follows:

The terminal ID for port numbers in releases that are earlier than the Solaris 8 release is specified as follows:

The terminal ID for port numbers in the Solaris 8 release or the Solaris 9 release is specified as follows:

The subject token is always returned as part of kernel-generated audit records for system calls. The praudit command displays the subject token as follows: 


subject,cjc,cjc,staff,cjc,staff,424,223,0 0 quisp

The following figure shows the format of the subject token.

Figure 23–26 subject Token Format

The preceding context describes the graphic.