Steve Grubb wrote: > On Wednesday 30 August 2006 17:30, Matt Anderson wrote: >>I think CUPS is a case where acct would be preferable. The auid is >>known, and will be recorded, but acct will correspond with the user >>field that shows up on paper. > > What is the source of the user's name? From what I can see, you get the auid > from credentials. So that is the best source of info. If you look it up in > passwd database, ausearch can look it up, too. I really want the most > authoritative information recorded.
The source of the username that is listed as acct is lpr. I can appreciate that this makes it questionable data, but what you are suggesting is worse in my opinion. Its worth noting that the sauid is being captured which is the most authoritative information and in the end the only useful auditing information. I'm in no way suggesting we stop doing that. My concern is that when the data hits paper there is a Requesting User: field on the banners. Currently acct= captures that information. I could, as you suggest, do various username to uid look ups, but: 1) Given that the username is of low integrity, doing a getpwnam() does nothing to increase that integrity. 2) Converting the name to a number will make the job of correlating a print out to an audit record harder. -matt -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
