Hi All,

We were asked to modify our 'at' and 'crontab' testcases so that the job being run contained a syscall.  Then we needed to verify that the correct audit record was generated for that syscall.  In doing so, I see that the audit record for the syscall executed by the job, contains "auid=0", rather than "auid=500" which is the user I initially logged in with.

I asked Klaus if this behavior is valid.  His reply, "The syscall audit record needs to have the auid of the user on whose
behalf the job is executing, for example auid=500, *not* 0."

-debbie