Hi, The India team was seeing a lack of audit records in some of the syscalls tests, so I did a little manual experimenting. With rules set for entry and exit for chown and chmod, I found that I got records for chmod and not chown (same results if I only have rules for one or the other). As root I created a file, su'ed to ealuser, and tried to do chmod and chown on that file. A record was created for chmod but not for chown. I su'ed back to root and successfully executed both commands; again a record for chmod but not chown. We were getting records for chown on the previous audit release. I haven't tried other syscalls to see how many might have this problem. Kris Wilson Linux Security (512) 838-0126 T/L:678-0126 krisw(a)us.ibm.com