Chat now with support
Tchattez avec un ingénieur du support

Authentication Services 4.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting

Set a new Symbolic link

To set a new symbolic link

  1. Start Group Policy Editor.
  2. Select Unix Settings | Quest Authentication Services | Client Configuration in the scope view.
  3. Double click Symbolic Links.

    The Symbolic Links Properties dialog opens.

  4. Click Add.

    The Symbolic Link dialog opens.

  5. In the Existing File field, type the full Unix path to the file or directory to link to.
  6. In the Symbolic Link field, type the full Unix path where you want to create the link.

    Note: If the link target does not exist on the Unix host, it does not create the symbolic link.

  7. Click OK.

Syslog policy

You can configure which entries go into the Unix syslog configuration file. Syslog entries are appended to the log and cannot be overridden. However, if there is a duplicate entry, it is only added once to /etc/syslog.conf.

Add a Syslog entry

To add a syslog entry

  1. Start Group Policy Editor.
  2. Select Unix Settings | Quest Authentication Services | Client Configuration in the scope view.
  3. Double click Syslog.

    The Syslog Configuration Properties dialog opens.

  4. Click Add.

    The Syslog Rule dialog opens.

  5. In the Action field, type the syslog action target; enter a file path, a user list, or a host name depending on the type of action you select.
    • Regular File: Enter the absolute Unix file path to the syslog.conf file. The path must start with a "/".
    • Remote Host: Enter a host name to send the data remotely over to the syslog daemon running on the other machine.
    • User List: Enter a comma delimited list of users. When you select the User List option, it enables the Find button. Click Find to open the Active Directory Select Users dialog.
  6. Select the type of action: Regular File, Remote Host, or User List.
  7. In the Selector section:
    • Choose a facility.

      The Facility is the type of message you want to log.

    • Choose a priority.

      When you select a syslog Priority, it selects that priority plus all priorities listed below it.

      Note: To log to a specific priority only on a Linux platform, click Edit and add "=" before the priority name.

    • Click Insert to append these selections to the rule.
  8. Append additional facilities and priorities, as necessary.
  9. Click OK to return to the Syslog Configuration Properties dialog.
  10. Check the Remove local configuration option if you want to replace the syslog file with the new settings. If you leave this option deselected, the new settings are appended to the current syslog file.

    Note: If you select the Remove local configuration option, it backs up the old configuration file before it deletes it and applies the new policy.

  11. Click OK.

Sudo policy

Sudo allows certain users to get elevated access to certain commands even if they do not have root access. The sudoers file contains a list of rules that control the behavior of sudo. The Sudo policy controls the rules defined in the sudoers file.

The Sudo policy allows you to add, edit, remove and re-order sudo rules. A sudo rule consists of three parts:

  1. The command or commands to run.
  2. The user the command should be 'run as'. Typically this is the root user.
  3. A list of users or groups that the rule applies to.

To use Active Directory groups in sudo rules, select the Resolve Active Directory group names in /etc/sudoers option. This option requires Sudo 1.8 on the Unix host.

Note: The Sudo policy does not support all possible sudo configurations. If you need to handle more advanced scenarios you can use a file copy policy to place your base sudoers file and use a script policy to customize it.

Documents connexes