Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Privilege Manager for Unix 6.1 Common Documents - Administration Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

rejectmsg

Description

Type string READ/WRITE

rejectmsg contains the message that displays when a request is rejected.

Example
rejectmsg= "You are not permitted to run this command";

runargv

Description

Type list READ/WRITE

runargv specifies the complete argument list for the session. This variable is initialized from the value of the incoming argv variable.

Example
# Setting the runargv in the policy file can be used to add additional 
# command line arguments to programs 
if (command == "runTest") 
{ 
   runargv=replace(runargv,1,length(runargv)); 
   runargv=append(runargv, "-u", user }; 
}
Related Topics

argv

runchroot

Description

Type string READ/WRITE

runchroot emulates the behavior of the system chroot command; that is, it runs a command with a specified root directory. Ordinarily, file names are looked up starting at the root of the directory structure, ('/'). Setting runchroot to a different value changes the root directory, a directory that must exist.

Example
if (basename(runcommand) == "customapplication") 
{ 
   runchroot="/home/customapplicationv"; 
}

runcksum

Description

Type string READ/WRITE

If runcksum is defined, pmlocald verifies the value of this variable against the checksum of the runcommand and rejects the request if it does not match. Set this variable to the value produced by running the pmsum command on the agent with the full pathname of the runcommand.

You can use this method to detect a program that has been changed without authorization, and a program that a user is attempting to run from an unauthorized path.

Example
# Generate a checksum value for the program "/usr/bin/passwd" on the agent:host1 
# for use in the policy file on the policy server. 
pmsum /usr/bin/passwd 

# The pmsum command displays the output: 
fbc9cf01 /usr/bin/passwd 

# Update the security policy using this checksum: 

if (( basename(runcommand) == "passwd" ) && (host == "host1")) 
{ 
   runcksum="fbc9cf01"; 
}
Documents connexes