hpux 10.20 - audusr (1)



 NAME
      audusr - select users to audit

 SYNOPSIS
      audusr [[-a user] ...] [[-d user] ...] [-A|-D]

 DESCRIPTION
      audusr is used to specify users to be audited or excluded from
      auditing.  If no arguments are specified, audusr displays the command
      usage.  audusr is restricted to super-users.

    Options
      audusr recognizes the following options:

           -a user        Audit the specified user.  The auditing system
                          records audit records to the ``current'' audit
                          file when the specified user executes audited
                          events or system calls.  Use audevent to specify
                          events to be audited (see audevent(1M)).

           -d user        Do not audit the specified user.

           -A             Audit all users.

           -D             Do not audit any users.

      The -A and -D options are mutually exclusive: that is, if -A is
      specified, -d cannot be specified; if -D is specified, -a cannot be
      specified.

      Users specified with audusr are audited (or excluded from auditing)
      beginning with their next login session, until excluded from auditing
      (or specified for auditing) with a subsequent audusr invocation.
      Users already logged into the system when audusr is invoked are
      unaffected during that login session; however, any user who logs in
      after audusr is invoked is audited or excluded from auditing
      accordingly.

 AUTHOR
      audusr was developed by HP.

 FILES
      /tcb/files/auth/*/* File containing flags to indicate whether users
                          are audited.

 SEE ALSO
      audit(5), audevent(1M), setaudproc(2), audswitch(2), audwrite(2).