{"id":"rhel9-auid-tracks-original-login-user","text":"The `auid` (audit UID / loginuid) is assigned at login and inherited across `su`/`sudo`, tracking the original login identity for accountability.","truth_value":"IN","source":"repo:entries/2026/03/04/en-documentation-red_hat_enterprise_linux-9-html-security_hardening-auditing-the.md","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"rhel9-auid-tracks-original-login-user","truth_value":"IN","reason":"premise"}]}}