Chat now with support
Chat mit Support

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

pmverifyprofilepolicy

Syntax
pmverifyprofilepolicy [-v | [-c][-z on|off[:<pid>]]] [-f <filename>] 
                      [-p <policydir>]
Description

Use pmverifyprofilepolicy to verify the syntax and structure of the policy file and check whether a particular command will be accepted or rejected. The policy is assumed to match the format of the default profile policy; if it is not in the expected format, then it displays an error for each file that is missing or is not in the correct format.

Options

pmverifyprofilepolicy has the following options.

Table 94: Options: pmverifyprofilepolicy
Option Description

-c

Displays output in csv, rather than human-readable, format.

The following line displays for each syntax error encountered:

PMCHECKERROR,<filename>,<linenumber>,<error_description>

The overall result displays in the following format:

PMVERIFYPROFILERESULT,<result>,<description>

where result can be: 0:success or -1:fail

For each file expected to contain data only, it prints the following line to stdout for each statement found in the file that is not a comment or variable assignment:

PMVERIFYPROFILECHECK,<filename>,<linenumber>,<description>

For each file expected to be unchanged, it prints the following line to stdout:

PMVERIFYPROFILENOMATCH,<filename>,<linenumber>,<description>

-f <filename>

Provides an alternative policy filename to check. If not fully qualified, this path is interpreted as relative to the policydir, rather than to the current directory.

-p <policydir>

Forces pmverifyprofilepolicy to search for a different policy directory for include files identified by relative path. The default location is the policydir setting in pm.setting.

-v

Prints the Privilege Manager for Unix version and exits.

-z

Enables or disables debug tracing, and optionally sends SIGHUP to running process.

Before using this option, see Enabling program-level tracing.

pmvi

Syntax
pmvi /<full_path_name>
Description

The pmvi editor is a special version of vi that you can use securely with Privilege Manager for Unix programs. You must specify a full path name as an argument when starting pmvi. Also, you will not be able to access any files other than the ones you specified at startup time nor spawn any processes.

Use pmvi to allow users to access a specific file as root but no other root functions.

Installation Packages

Privilege Manager for Unix is comprised of the following packages:

  • Privilege Manager for Unix product

    Contains the Privilege Manager for Unix Policy Server and PM Agent components and uses the native packaging system for each platform (RPM, PKG, and so on).

  • Safeguard for Sudo product

    Contains the Safeguard for Sudo Policy Server and Sudo Plugin components and uses the native packaging system for each platform (RPM, PKG, and so on).

  • Preflight Binary

    This is a stand-alone native binary for each platform (not zipped, tarred or packaged). This binary exists stand-alone on the ISO to make it available for use prior to installing software. It does not change any Privilege Manager for Unix configuration on the host.

For more information, see Downloading Privilege Manager for Unix software packages..

Package locations

Privilege Manager for Unix is provided in native platform install packages, which include binary files, online man pages, installation files, and configuration file examples.

The install packages are located in the zip archive in two directories called:

  • /server

  • /agent

  • /sudo_plugin

where <platform> is the name of the platform on which you are running Privilege Manager for Unix.

There are three different packages:

  • qpm-agent package, which contains only the client (pmrun) and agent (pmlocald) components for Privilege Manager for Unix.

  • qpm-server package, which contains the server (pmmasterd), the client (pmrun) and agent (pmlocald), and the Sudo Plugin (qpm4u_plugin.so) components for Privilege Manager for Unix.

  • qpm-plugin package, which contains the offline policy cache server (pmmasterd), the Sudo Plugin (qpm4u_plugin.so) components for Privilege Manager for Unix.

The Solaris server and agent packages have filenames that start with QSFTpmsrv and QSFTpmagt, respectively.

Once installed, the packaged files are placed in an installation directory under /opt/quest which contains subdirectories and files.

The platform directories contain the Privilege Manager for Unix installer packages for each platform supported by Privilege Manager for Unix.

Table 95: Privilege Manager kit directories
Platform Architecture

aix71-rs6k

IBM® AIX 7.1, 7.2

freebsd-x86_64

FreeBSD on x86 64-bit architecture

hpux-hppa11

HP-UX 11.31 PA-RISC architecture

hpux11-ia64

HP-UX 11.31 Itanium architecture

linux-aarch64

Linux on ARM 64-bit architecture

linux-ia64

Linux on Itanium architecture

linux-intel

Linux x86

linux-ppc64

Linux on ppc little endian 64-bit architecture

linux-ppc64le

Linux on ppc little endian 64-bit architecture

linux-s390

Linux s390

linux-x86_64

Linux on x86 64-bit architecture

macos-x86_64

macOS on x86 64-bit architecture

Solaris-intel

Solaris Intel architecture

Solaris-sparc

Solaris SPARC® architecture

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen