xref: /titanic_41/usr/src/man/man4/audit_user.4 (revision e5351341b58845eee9d722bd71543d5a7c26b6cc) 
 te
 Copyright (c) 2008, Sun Microsystems, Inc. All Rights Reserved
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 AUDIT_USER 4 "Jun 26, 2008"
 NAME
audit_user - per-user auditing data file

 SYNOPSIS


/etc/security/audit_user




 DESCRIPTION

audit_user is a database that stores per-user auditing preselection data.
You can use the audit_user file with other authorization sources,
including the NIS map audit_user.byname and the NIS+ table
audit_user. Programs use the getauusernam(3BSM) routines to access
this information.


The search order for multiple user audit information sources is specified in
the /etc/nsswitch.conf file. See nsswitch.conf(4). The lookup
follows the search order for passwd(4).


The fields for each user entry are separated by colons (:). Each user is
separated from the next by a newline. audit_user does not have general
read permission. Each entry in the audit_user file has the form:

username:always-audit-flags:never-audit-flags





The fields are defined as follows:
username


User's login name.



always-audit-flags


Flags specifying event classes to always audit.



never-audit-flags


Flags specifying event classes to never audit.





For a complete description of the audit flags and how to combine them, see
audit_control(4).

 EXAMPLES

Example 1 Using the audit_user File

other:lo,am:io,cl
fred:lo,ex,+fc,-fr,-fa:io,cl
ethyl:lo,ex,nt:io,cl




 FILES

/etc/nsswitch.conf


/etc/passwd


/etc/security/audit_user

 ATTRIBUTES

See attributes(5) for descriptions of the following attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability See below.




The file format stability is Committed. The file content is Uncommitted.

 SEE ALSO

bsmconv(1M), getauusernam(3BSM), audit_control(4),
nsswitch.conf(4), passwd(4)


Part VII, Solaris Auditing, in System Administration Guide: Security
Services

 NOTES

This functionality is available only if the Basic Security Module (BSM)
has been enabled. See bsmconv(1M) for more information.


Configuration changes do not affect audit sessions that are currently running,
as the changes do not modify a process's preselection mask. To change the
preselection mask on a running process, use the -setpmask option of the
auditconfig command (see auditconfig(1M)). If the user logs out and
logs back in, the new configuration changes will be reflected in the next audit
session.