[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH] enable /proc/$$/loginuid

On Monday 17 January 2005 11:50, Inder Kumar wrote:
> Move loginuid(accountability information) to the task_struct. Why are
> you using "loginuid" for accountability ?

We need to know who they logged in as. Some people login and then do 'su root' 
and perform actions. We need to know who root logged in as.

> What if two different users login using the same "loginuid" ?

I suppose they are considered the same person.

> Also, what is the advantage of using NETLINK sockets?

Its a way of getting kernel information to userspace.

> It looks like the information is passed to user-space for no-reason. 
> The same information will be passed back to the kernel by the 
> syslog routines. 

Actually, the audit subsystem decides where to send things - to special daemon 
or syslog. The information is being passed to userspace for a reason. Some 
installations require it has to be logged with great care. Syslog does not 
meet the requirements for those users.

> What is the point in doing such processing. Why are you not writing
> records directly from the kernel to the audit file?

That's what the userspace daemon does.

-Steve Grubb

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]