Closed mutazalsallal closed 3 years ago
I ran a few tests and this seems to be related to how sysdig records and collects user information. I executed two scenarios with sysdig running as a Docker container:
Note: you can use sysdig -c spy_users to log interactive user commands and check user names.
@terylt, do you know if this is a known bug/limitation (of sysdig)?
Indicate project: sf-collector
Describe the bug: The username is null for non-root users.
To reproduce: Steps to reproduce the behavior:
(maybe it happened because sysflow cached the user list when it starts, and I added the new user while sysflow is running)
Expected behavior: sysflow is logging the correct user id, but the username is not logged, not for the parent process username/groupname.
Also, should we rename this as effective username? Effective group name?
this is the logged process creation event:
Environment (please complete the following information):