some uid's in /proc/pid/loginuid are strange

StackOverflow https://stackoverflow.com/questions/22914627

  •  29-06-2023
  •  | 
  •  

Question

i'm analysing the procfs in unix/linux and some loginuid of processes are really strange. Some pid's have as loginuid a big number: 4294967295. Are they daemons or system events or whats the matter?

# cat /proc/11071/loginuid
4294967295
Was it helpful?

Solution

4294967295 is just (unsigned long) -1. -1 means that loginuid was not set. This is normal behavior for processes that were not spawned by any login process (e.g. for daemons). loginuid is -1 by default; pam_loginuid module changes it to your user id whenever you login (in a tty/in DM/via ssh), and this value is preserved by child processes.

OTHER TIPS

I am gravedigging, but I stumped on this and I have infos to share.

  1. kernel support

loginuid support required the kernel compiled with CONFIG_AUDITSYSCALL

To check:

zgrep CONFIG_AUDITSYSCALL /boot/config* /proc/config.gz

  1. kernel bugs

At the moment, I can check on two centos hosts. Both of them have 64 bit kernels compiled with CONFIG_AUDITSYSCALL=y

I am logged as a normal user in bash.

centos 5.11, kernel 2.6.18-419.el5

cat /proc/$$/loginuid

4294967295

centos 6.10, kernel 2.6.32-754.28.1.el6

cat /proc/$$/loginuid

503

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top