From time to time, users receive 8/8:4 from the following callable services:
ck_process_owner
ck_access
How do you interpret them?
First of all, the return codes format; 8/8:4 are respectively;
The SAF/RC:RSN 8/8:4 on ck_process_owner means the caller is not the owner of the process as specified on the call. The reason why the explanation is put as failing authorization for the callable service is that a superuser is always given return codes indicating that the caller is the owner, and the service is usually invoked by a superuser.
But the technical meaning of the return codes is that the caller does not own the process being checked. For this call, the caller is considered a superuser if the uid (either the current or the real uid) is 0 or if the user has access to
UNIXPRIV(SUPERUSER.PROCESS.GETPSENT)
The SAF/RC/RSN 8/8:4 on a ck_access simply means the caller is not UID 0 and is seeking an access only allowed to the file owner.
SERVICE USERID GROUP UID GID SAF RC RSN DATE TIME JOBNAME SOURCE SYSID CPU SECLABEL
Auditor : Read None Write None Exec/Search None
Effective UID: 5555 Effective GID: 55555
ck_access MYACID MYGRP 5555 55555 8 8 4
01/26/13 13.026 9.12.57 MYJOBNAME SYST
Failed - User not authorized to access file
Function: open User Type: Local
Requested Access: Read/Write
Name flag: Use CRED_name_flag to determine pathname
Pathname: /allapplication/myapplication/myfile.app
Filename: myfile.app
File Permissions: Owner: rw- Group: r-- Other: r--
Owning UID: 1000 Owning GID: 1000000000
Volume : File Identifier: 2E0000000000000000
File Audit Options:
User : Read Failure Write Failure Exec/Search Failure
Auditor : Read None Write None Exec/Search None
Effective UID: 5555 Effective GID: 55555
In the example above, MYACID:
so only Other authorization will apply (where read is allowed). The user asked for Read/Write, so access is denied accordingly.