1audit_user(4)                    File Formats                    audit_user(4)
2
3
4

NAME

6       audit_user - per-user auditing data file
7

SYNOPSIS

9       /etc/security/audit_user
10
11

DESCRIPTION

13       audit_user  is  a  database  that stores per-user auditing preselection
14       data. You can use the audit_user file with other authorization sources,
15       including  the NIS map audit_user.byname and the NIS+ table audit_user.
16       Programs use the getauusernam(3BSM) routines to  access  this  informa‐
17       tion.
18
19
20       The  search order for multiple user audit information sources is speci‐
21       fied in the /etc/nsswitch.conf file. See nsswitch.conf(4).  The  lookup
22       follows the search order for passwd(4).
23
24
25       The  fields  for each user entry are separated by colons (:). Each user
26       is separated from the next by a newline. audit_user does not have  gen‐
27       eral read permission. Each entry in the audit_user file has the form:
28
29         username:always-audit-flags:never-audit-flags
30
31
32
33
34       The fields are defined as follows:
35
36       username              User's login name.
37
38
39       always-audit-flags    Flags specifying event classes to always audit.
40
41
42       never-audit-flags     Flags specifying event classes to never audit.
43
44
45
46       For  a complete description of the audit flags and how to combine them,
47       see audit_control(4).
48

EXAMPLES

50       Example 1 Using the audit_user File
51
52         other:lo,am:io,cl
53         fred:lo,ex,+fc,-fr,-fa:io,cl
54         ethyl:lo,ex,nt:io,cl
55
56
57

FILES

59       /etc/nsswitch.conf
60
61
62       /etc/passwd
63
64
65       /etc/security/audit_user
66

ATTRIBUTES

68       See attributes(5) for descriptions of the following attributes:
69
70
71
72
73       ┌─────────────────────────────┬─────────────────────────────┐
74       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
75       ├─────────────────────────────┼─────────────────────────────┤
76       │Interface Stability          │ See below.                  │
77       └─────────────────────────────┴─────────────────────────────┘
78
79
80       The file format stability is Committed. The file content  is  Uncommit‐
81       ted.
82

SEE ALSO

84       bsmconv(1M),  getauusernam(3BSM),  audit_control(4),  nsswitch.conf(4),
85       passwd(4)
86
87
88       Part VII, Solaris Auditing, in System  Administration  Guide:  Security
89       Services
90

NOTES

92       This functionality is available only if the Basic Security Module (BSM)
93       has been enabled. See bsmconv(1M) for more information.
94
95
96       Configuration changes do not affect audit sessions that  are  currently
97       running, as the changes do not modify a process's preselection mask. To
98       change the preselection mask on a running process,  use  the  -setpmask
99       option  of  the  auditconfig command (see auditconfig(1M)). If the user
100       logs out and logs back  in,  the  new  configuration  changes  will  be
101       reflected in the next audit session.
102
103
104
105SunOS 5.11                        26 Jun 2008                    audit_user(4)
Impressum