[Go to CFHT Home Page] Man Pages
Back to Software Index  BORDER=0Manpage Top Level
    au_user_mask(3) manual page Table of Contents

Name

au_user_mask - get user’s binary preselection mask

Synopsis

cc [ flag ... ] file ... -lbsm -lsocket -lnsl -lintl [ library ... ]

#include <bsm/libbsm.h>

int au_user_mask( char *username, au_mask_t *mask_p);

MT-Level

MT-Safe.

Availability

The functionality described in this man page is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.

Description

au_user_mask() reads the default, system wide audit classes from audit_control(4) , combines them with the per-user audit classes from the audit_user(4) database, and updates the binary preselection mask pointed to by mask_p with the combined value.

The audit flags in the flags field of the audit_control(4) database and the always-audit-flags and never-audit-flags from the audit_user(4) database represent binary audit classes. These fields are combined by au_preselect(3) as follows:

mask = ( flags + always-audit-flags) - never-audit-flags

au_user_mask() only fails if both the both the audit_control(4) and the audit_user(4) database entries could not be retrieved. This allows for flexible configurations.

Return Values

au_user_mask() returns:
  1. Success.
    -1
    Failure. Both the audit_control(4) and the audit_user(4) database entries could not be retrieved.

Files

/etc/security/audit_control
contains default parameters read by the audit daemon, auditd(1M)
/etc/security/audit_user
stores per-user audit event mask

See Also

login(1) , bsmconv(1M) , getaudit(2) , setaudit(2) , au_preselect(3) , getacinfo(3) , getauusernam(3) , audit_control(4) , audit_user(4)

Notes

au_user_mask() should be called by programs like login(1) which set a process’s preselection mask with setaudit(2) . getaudit(2) should be used to obtain audit characteristics for the current process.

Table of Contents