From mboxrd@z Thu Jan  1 00:00:00 1970
From: Matthew Booth <mbooth@redhat.com>
Subject: Meaning of SYSCALL fields
Date: Wed, 16 Jan 2008 13:36:05 +0000
Message-ID: <478E0845.20506@redhat.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============1709254261=="
Return-path: <linux-audit-bounces@redhat.com>
Received: from mbooth.redhat.laptop (sebastian-int.corp.redhat.com
	[172.16.52.221])
	by pobox.fab.redhat.com (8.13.1/8.13.1) with ESMTP id m0GDa5pl005633
	for <linux-audit@redhat.com>; Wed, 16 Jan 2008 08:36:06 -0500
List-Unsubscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============1709254261==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig2DBA8518CF495399139DC619"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig2DBA8518CF495399139DC619
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I'm documenting the fields of certain auditd messages for RHEL 4.
Amongst the SYSCALL fields are the following uid/gid related fields.

uid (obvious)
gid (obvious)
euid (obvious)
suid - what's this?
fsuid - what's this?
egid (obvious)
sgid - what's this?
fsgid - what's this?

Can anybody fill in the blanks for me?

Thanks,

Matt
--=20
Matthew Booth, RHCA, RHCSS
Red Hat, Global Professional Services

M:       +44 (0)7977 267231
GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490


--------------enig2DBA8518CF495399139DC619
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHjghINEHqGdM8NJARAo1PAJ9+piR56jT//T8JwaBxIP1OqUOWTQCfYf5M
jwGy3YNi8Pmgwa0okrwwDow=
=ZTq+
-----END PGP SIGNATURE-----

--------------enig2DBA8518CF495399139DC619--


--===============1709254261==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============1709254261==--