audit_id(4) — FILE FORMATS
NAME
audit_id − audit authentication ID file
SYNOPSIS
#include <audit_id.h>
DESCRIPTION
/var/security/audit_id specifies the authentication ID assigned to a user’s process upon login. The authentication ID is recorded in all audit records generated by a process. Even with privilege, the authentication ID cannot be changed once it is set. The authentication ID is inherited by all child processes.
The format of the information in /var/security/audit_id is
audit_id:user_id:user_name:full_name
where audit_id is the unique integer authentication ID, user_id is the user ID from /etc/password, user_name is the user’s login name, and full_name is the user’s full name (the comment field in /etc/password).
The audit_id structure is defined in the <audit_id.h> header file as follows:
struct audit_id
{
uid_t aid;
uid_t uid;
char∗uname;
char∗fname;
};
EXAMPLE
128:130:john:John Brown
Specifies an authentication ID of 128 for the user whose login name is john, user ID is 130, and full name is "John Brown".
FILES
/var/security/audit_id Specifies audit authentication IDs
SEE ALSO
login(1), audit(4), audit_sys(5)
(Security Enhancement)