process Token
The process token contains information about a user who is associated with a process, such as the recipient of a signal. The process token has nine fields:
a token ID that identifies this token as a process token
the invariant audit ID
the effective user ID
the effective group ID
the real user ID
the real group ID
the process ID
the audit session ID
a terminal ID that consists of a device ID and a machine ID
The praudit command displays the process token as follows:
process,root,root,wheel,root,wheel,0,0,0,0.0.0.0
The following figure shows the format of a process token.
Figure 25–22 process Token Format
The audit ID, user ID, group ID, process ID, and session ID are long instead of short.
Note –
The process token fields for the session ID, the real user ID, or the real group ID might be unavailable. The value is then set to -1.
Any token that contains a terminal ID has several variations. The praudit command hides these variations on output of the terminal ID so that they all appear the same. This field is handled the same way for any token that contains it. The terminal ID is either an IP address andport number, or a device ID, such as the serial port that is connected to a modem, in which case it is zero. The terminal ID is specified in one of several formats:
32-bit applications: 4-byte device number, 4-bytes unused
64-bit applications: 8-byte device number, 4-bytes unused
For port numbers in the Solaris 7 release or earlier releases:
32-bit applications: 4-byte port number, 4-byte IP address
64-bit applications: 8-byte port number, 4-byte IP address
For port numbers in the Solaris 8 or 9 releases:
32-bit with IPV4: 4-byte port number, 4-byte IP type, 4-byte IP address
32-bit with IPV6: 4-byte port number, 4-byte IP type, 16-byte IP address
64-bit with IPV4: 8-byte port number, 4-byte IP type, 4-byte IP address
64-bit with IPV6: 8-byte port number, 4-byte IP type, 16-byte IP address