int vas_user_in_ADgrouplist ( string username, string domain, list ADgrouplist [, boolean verbose] )
The vas_host_in_ADgrouplist function checks membership of the Active Directory group lists.
Returns the index of the matched list item if found, or -1 if not found.
int vas_user_is_member (string username, string groupname [, string domain [, boolean verbose]] )
The vas_user_is_member function checks whether a selected user name and selected domain is a member of the selected group. If domain is empty, it defaults to the joined domain. You can specify the group name as <domain>/<group> or <group>@<domain>.
Returns:
This section describes each of the Privilege Manager for Unix programs and their options. The following table indicates which Privilege Manager for Unix component installs each program.
| Name | Description | Server | Agent | Sudo |
|---|---|---|---|---|
|
Is a wrapper for the GNU Bourne Again SHell that provides transparent authorization and auditing for all commands submitted during the shell session. |
X |
X |
- | |
| pmcheck |
Verifies the syntax of a policy file. |
X | - | X |
| pmclientd |
The Privilege Manager for Unix Client daemon that listens on the configured policy server port and responds to a remote request. |
X | X | - |
| pmclientinfo |
Displays configuration information about a client host. |
X | X | - |
| pmcp |
Privilege Manager for Unix remote file copy command. |
X | X | - |
| pmcsh |
Privilege Manager for Unix C Shell provides transparent authorization and auditing for all commands submitted during the shell session. |
X | X | - |
| pmincludecheck |
Used by pmsrvconfig script on the primary server only. When configuring a primary server in pmpolicy type, if you do not have a policy file to import into the repository, then pmincludecheck initializes the policy from the current set of default policy files provided in the installation. |
X | - | - |
| pminfo |
Registers the local host with the Privilege Manager for Unix 5.5 policy server. Note that pminfo is obsolete as of version 5.6 and is included for backwards compatibility only. |
X | X | - |
| pmjoin |
Configures a Privilege Manager for Unix agent to communicate with the servers in the group. |
X | X | - |
| pmkey |
Generates and installs configurable certificates. |
X | X | X |
| pmksh |
Privilege Manager for Unix K Shell provides transparent authorization and auditing for all commands submitted during the shell session. |
X | X | - |
| pmless |
A terminal pager program that allows you to view (by not modify) the contents of a text file one screen at a time. |
X | X | - |
| pmlicense |
Displays current license information and allows you to update a license (an expired one or a temporary one before it expires) or create a new one. |
X | - | - |
| pmlist | Lists the commands that the user is permitted to run. | X | X | - |
| pmloadcheck |
Controls load balancing and failover for connections made from the host to the configured policy servers. |
X | X | - |
| pmlocald |
The Privilege Manager for Unix Local daemon which runs programs when instructed to do so by the appropriate policy server daemon. |
X | X | - |
| pmlog |
Displays entries in a Privilege Manager for Unix event log. |
X | - | - |
| pmlogadm |
Manages encryption options on the event log. |
X | - | - |
| pmlogsearch |
Searches all logs in a policy group based on specified criteria. |
X | - | - |
|
The Privilege Manager for Unix log access daemon, the service responsible for committing events to the Privilege Manager for Unix event log and managing the database storage used by the event log. |
X |
|
| |
| pmmasterd |
The Privilege Manager for Unix Master daemon which examines each user request and either accepts or rejects it based upon information in the Privilege Manager configuration file. You can have multiple pmmasterd daemons on the network to avoid having a single point of failure. |
X | - | X |
| pmmg |
A special version of an emacs text editor to use with Privilege Manager for Unix (gnu-style key bindings). |
X | X | - |
| pmpasswd |
Generates an encrypted password which can be used in the configuration file. |
X | - | - |
| pmpolicy |
A command-line utility for managing the Privilege Manager for Unix security policy. This utility checks out the current version, checks in an updated version, and reports on the repository. |
X | - | - |
| pmpolicyconvert |
Utility that allows you to verify, and if necessary, convert any number of policy files for use with Privilege Manager for Unix V5.5 (or later). |
X | - | - |
| pmpolsrvconfig |
Configures (or unconfigures) a primary or secondary policy server. Allows you to grant a user access to a repository. |
X | - | - |
| pmremlog |
Provides a wrapper for the pmlog and pmreplay utilities to access the event (audit) and keystroke (I/O) logs on any server in the policy group. |
X | - | - |
| pmreplay |
Replays an I/O log file allowing you to review what happened during a previous privileged session. |
X | - | - |
| pmresolvehost |
Verifies the host name or IP resolution for the local host or a selected host. |
X | X | X |
| pmrun |
Allows a user to run a command from their local machine as root. The policy server daemon, pmmasterd, examines each request from pmrun, and either accepts or rejects it based upon the policies specified in the policy file. |
X | X | - |
|
Allows Privilege Manager for Unix to launch the remote scp daemons. |
X |
- |
- | |
| pmserviced |
The Privilege Manager for Unix Service daemon listens on the configured ports for incoming connections for the Privilege Manager for Unix daemons. pmserviced uses options in pm.settings to determine the daemons to run, the ports to use, and the command line options to use for each daemon. |
X | X | X |
| pmsh |
Privilege Manager for Unix Bourne Shell that provides transparent authorization and auditing for all commands submitted during the shell session. |
X | X | - |
| pmshellwrapper |
A wrapper for any valid login shell on a host. |
X | X | - |
| pmsrvcheck |
Checks the Privilege Manager for Unix policy server configuration to ensure it is setup properly. |
X | - | - |
| pmsrvconfig |
Configures a primary or secondary policy server. |
X | - | - |
| pmsrvinfo | Verifies the policy server configuration. | X | - | - |
| pmstatus |
Verifies connectivity between Privilege Manager for Unix and the pmlocald and pmmasterd daemons on the specified hosts. |
X | X | - |
| pmsum |
Generates a simple checksum of a binary. |
X | - | - |
| pmsysid |
Displays the Privilege Manager for Unix system ID. |
X | X | X |
| pmtunneld |
The Privilege Manager for Unix Tunnel daemon that acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall. |
X | X | - |
| pmumacs |
A special version of a microemacs text editor to use with Privilege Manager for Unix (gosling-style key bindings). |
X | X | - |
| pmverifyprofilepolicy |
Verifies the syntax and structure of the policy file and checks whether a particular command will be accepted or rejected. |
X | - | - |
|
Allows users to access a specific file as root but no other root functions. |
|
|
|
pmbash -c <command>|-i|-l|-r|-s|-B|[-+]O <option>
The Privilege Manager for Unix Bourne Again SHell (pmbash) command is a wrapper program for the GNU Bourne Again SHell (bash), that provides transparent authorization and auditing for all commands submitted during the shell session. pmbash supports the standard options for bash.
Using the appropriate policy file variables, you can configure each command entered during a shell session, to be:
Once allowed by the shell, or authorized by the policy server, all commands run locally as the user running the shell program.
Unlike the other Privilege Manager for Unix shells, pmbash is not a standalone shell. It is a wrapper that runs the system version of the bash shell while logging keystrokes and authorizing shell commands via Privilege Manager for Unix. Command authorization is limited to external commands: pmbash, cannot authorize shell built-in commands.
pmbash has the following options.
| Option | Description |
|---|---|
|
-B |
Allows the shell to run in the background. |
|
-c <command> |
Runs the specified command from the next argument. |
|
-i |
Runs the shell in interactive mode even when input is not from a terminal. |
|
-l |
Acts as a login shell, the shell will read the contents of /etc/profile and $HOME/.profile if they exist. |
|
[+-]O <shopt_option> |
Sets or clears one of the shell options accepted by the shopt built-in command. |
|
-r |
Runs the shell in restricted mode. |
| The shell reads commands from standard input even when there are additional non-option arguments. |
Additional long options may also be specified, see the bash manual for details.
© ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz Cookie Preference Center
