BSD process accounting has aq flag which notes whether a process has used super user privs or not. Should it count if a process uses super user privs to override file access permissions? Currently we don't take this into account.
Cheers Chris