Standards
| Standards / Extensions | C or C++ | Dependencies |
|---|---|---|
| z/OS® UNIX | both | |
Format
#define _OPEN_SYS 1
#include <sys/stat.h>
int chaudit(const char *pathname, unsigned int flags,
            unsigned int option);
General description
Changes the audit flags for a file to indicate the type of requests
the security product should audit. chaudit() can change user audit
flags or security auditor audit flags, depending on the option specified.
pathname is the name of the file for which the audit flags
are to be changed.
flags is the setting for the audit flags:
- AUDTREADFAIL: Audit the failing read requests.
- AUDTREADSUCC: Audit the successful read requests.
- AUDTWRITEFAIL: Audit the failing write requests.
- AUDTWRITESUCC: Audit the successful write requests.
- AUDTEXECFAIL: Audit the failing execute or search requests.
- AUDTEXECSUCC: Audit the successful execute or search requests.

The bitwise inclusive-OR of any or all of these can be used to set more than one
type of auditing.
option indicates whether the user audit flags or the security-auditor
audit flags are to be changed:
- AUDT_USER (0): Change user flags. The user must be the file owner or have
  appropriate authority to change the user audit flags for a file.
- AUDT_AUDITOR (1): Change security auditor audit flags. The user must have
  security-auditor authority to modify the security auditor audit flags for a file.
Returned value
If successful, chaudit() returns 0.
If unsuccessful, chaudit() returns -1 and sets errno to one
of the following values:
| Error Code | Description |
|---|---|
| EACCES | The calling process does not have permission to search some component of pathname. |
| EINVAL | option is not AUDT_USER or AUDT_AUDITOR. |
| ELOOP | A loop exists in symbolic links. This error is issued if the number of symbolic links detected in the resolution of pathname is greater than POSIX_SYMLOOP (a value defined in the limits.h header file). |
| ENAMETOOLONG | pathname is longer than PATH_MAX characters or a component of pathname is longer than NAME_MAX characters while _POSIX_NO_TRUNC is in effect. For symbolic links, the length of the pathname string substituted for a symbolic link exceeds PATH_MAX. The PATH_MAX and NAME_MAX values are determined using pathconf(). |
| ENOENT | There is no file named pathname, or pathname is an empty string. |
| ENOTDIR | A component of the path prefix is not a directory. |
| EPERM | The effective user ID (UID) of the calling process does not match the owner of the file, and the calling process does not have appropriate privileges. |
| EROFS | pathname specifies a file that is on a read-only file system. |
Example
CELEBC09
/* CELEBC09
   This example changes the audit flags.
*/
#define _OPEN_SYS
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#undef _OPEN_SYS
#include <stdio.h>

int main(void) {
  int fd;
  char fn[]="chaudit.file";

  /* Create a scratch file owned by the caller (owner read/write only) */
  if ((fd = creat(fn, S_IRUSR|S_IWUSR)) < 0)
    perror("creat() error");
  else {
    close(fd);
    /* Set the user audit flags so that failing read requests are audited */
    if (chaudit(fn, AUDTREADFAIL, AUDT_USER) != 0)
      perror("chaudit() error");
    unlink(fn);
  }
  return 0;
}
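
The following is an added example, not IBM's sample code. It shows several audit flags being combined with bitwise inclusive-OR from a short policy string, and the errno from a failed chaudit() call being captured for triage. The helper names audit_spec_to_flags and apply_audit and the spec syntax are hypothetical; when built anywhere other than z/OS, the block substitutes constructed placeholder flag values and a stub chaudit() so the logic can be compiled and tested.

```c
#define _OPEN_SYS 1
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#ifndef __MVS__
/* Not z/OS: constructed placeholder values and a stub chaudit() so the logic
   compiles and runs anywhere. On z/OS, <sys/stat.h> supplies the real ones. */
enum { AUDTREADFAIL = 1, AUDTREADSUCC = 2, AUDTWRITEFAIL = 4,
       AUDTWRITESUCC = 8, AUDTEXECFAIL = 16, AUDTEXECSUCC = 32 };
enum { AUDT_USER = 0, AUDT_AUDITOR = 1 };
static int chaudit(const char *p, unsigned int f, unsigned int o) {
    (void)f;
    if (o != AUDT_USER && o != AUDT_AUDITOR) { errno = EINVAL; return -1; }
    if (p[0] == '\0') { errno = ENOENT; return -1; }
    return 0;
}
#endif

/* Hypothetical helper: parse "r:f,w:fs,x:f" into a flags mask (r/w/x = read,
   write, execute or search; f = failing, s = successful). 0 on success. */
int audit_spec_to_flags(const char *spec, unsigned int *out) {
    unsigned int mask = 0, fail, succ;
    if (*spec == '\0') return -1;              /* refuse an empty policy */
    while (*spec) {
        switch (*spec++) {
        case 'r': fail = AUDTREADFAIL;  succ = AUDTREADSUCC;  break;
        case 'w': fail = AUDTWRITEFAIL; succ = AUDTWRITESUCC; break;
        case 'x': fail = AUDTEXECFAIL;  succ = AUDTEXECSUCC;  break;
        default:  return -1;
        }
        if (*spec++ != ':' || (*spec != 'f' && *spec != 's')) return -1;
        for (; *spec == 'f' || *spec == 's'; spec++)
            mask |= (*spec == 'f') ? fail : succ;   /* inclusive-OR the flags */
        if (*spec == ',') { if (*++spec == '\0') return -1; }
        else if (*spec != '\0') return -1;
    }
    *out = mask;
    return 0;
}

/* Hypothetical helper: returns 0, EINVAL for a bad spec, or chaudit()'s errno. */
int apply_audit(const char *path, const char *spec, unsigned int option) {
    unsigned int flags;
    if (audit_spec_to_flags(spec, &flags) != 0) return EINVAL;
    if (chaudit(path, flags, option) == 0) return 0;
    int e = errno;   /* save before fprintf() can change it */
    fprintf(stderr, "chaudit(%s, 0x%x, %u): %s\n", path, flags, option, strerror(e));
    return e;
}
```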