Hi,
I ran across something that I was wondering if we have a deficiency/bug. Do we
need to capture supplemental group information? For example:

[sgrubb@beast ~]$ su - root
Password:
[root@beast ~]# echo "test" > /opt/test.txt
[root@beast ~]# chmod 0660 /opt/test.txt
[root@beast ~]# chgrp wheel /opt/test.txt
[root@beast ~]# ls -l /opt/test.txt
-rw-rw---- 1 root wheel 5 Feb 22 11:30 /opt/test.txt
[root@beast ~]# auditctl -a exit,always -S open -F loginuid=501
AUDIT_LIST: exit always loginuid=501 (0x10e5) syscall=open

We created a file that's readable if you have wheel as a supplemental group.
Now from another terminal:

[sgrubb@beast ~]$ cat /opt/test.txt
test
[sgrubb@beast ~]$

OK...it worked. So let's go see what's in the logs:

type=KERNEL msg=audit(1109089864.512:6279351): item=0 name=/opt/test.txt inode=136 dev=00:00
type=KERNEL msg=audit(1109089864.512:6279351): syscall=5 exit=3 a0=bff6aa07 a1=8000 a2=0 a3=8000 items=1 pid=26538 loginuid=501 uid=501 gid=501 euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501

Somewhere in there I expected group #10 to be mentioned since that is what
gave me access capability to the file. Does anyone know why it's not recorded?
Don't we need that information?
-Steve Grubb
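
Added example, not part of the original message and not code from the audit project: it parses the two records quoted above and replays a simplified owner/group/other permission check to show that the logged ids alone cannot account for the successful open. Assumptions: root is uid 0, wheel is gid 10 (the "group #10" in the message), and ACLs and capabilities are ignored.

```python
import re

# Audit records from the message above, with the mail line wraps rejoined.
RECORDS = [
    "type=KERNEL msg=audit(1109089864.512:6279351): item=0 name=/opt/test.txt "
    "inode=136 dev=00:00",
    "type=KERNEL msg=audit(1109089864.512:6279351): syscall=5 exit=3 a0=bff6aa07 "
    "a1=8000 a2=0 a3=8000 items=1 pid=26538 loginuid=501 uid=501 gid=501 "
    "euid=501 suid=501 fsuid=501 egid=501 sgid=501 fsgid=501",
]
# File metadata from the `ls -l` output: root:wheel, mode 0660.
# Assumption: root is uid 0; wheel is gid 10 ("group #10" in the message).
FILE_META = {"owner": 0, "group": 10, "mode": 0o660}

def parse_event(lines):
    """Merge records that share one audit event id into a single field dict."""
    event, ids = {}, set()
    for line in lines:
        m = re.match(r"type=\S+ msg=audit\(([\d.]+:\d+)\): (.*)", line)
        if m is None:
            raise ValueError("not an audit record: %r" % line)
        ids.add(m.group(1))
        event.update(kv.split("=", 1) for kv in m.group(2).split())
    if len(ids) != 1:
        raise ValueError("records belong to different events")
    return event

def needed_bits(event):
    """Map the open(2) access mode (low two bits of a1, logged in hex) to rwx bits."""
    accmode = int(event["a1"], 16) & 0o3
    return {0: 4, 1: 2, 2: 6}[accmode]  # O_RDONLY, O_WRONLY, O_RDWR

def dac_allows(event, meta, supplemental=frozenset()):
    """Simplified owner/group/other check on fsuid/fsgid (no ACLs, no capabilities)."""
    fsuid, fsgid = int(event["fsuid"]), int(event["fsgid"])
    if fsuid == meta["owner"]:
        granted = meta["mode"] >> 6
    elif meta["group"] in {fsgid} | set(supplemental):
        granted = meta["mode"] >> 3
    else:
        granted = meta["mode"]
    need = needed_bits(event)
    return granted & need == need

if __name__ == "__main__":
    ev = parse_event(RECORDS)
    print("explained by logged ids:     ", dac_allows(ev, FILE_META))
    print("explained with gid 10 added: ", dac_allows(ev, FILE_META, {10}))
```

With only the ids present in the record the check fails even though the record shows exit=3; it passes only once gid 10 is supplied from outside the log.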