Privilege Manager for Unix 6.1.1 - Administration Guide for Unix

pmsysid

Syntax

pmsysid [-i] | -v

Description

The pmsysid command displays the Privilege Manager system ID.

Options

pmsysid has the following options.

Table 88: Options: pmsysid
Option Description
-i Shows the system host name and IP address.
-v Displays the Privilege Manager version and exits.

pmtunneld

Syntax

pmtunneld [ [-v] | [-z on|off[:<pid>]] | [[-e <logfile>] [-s] ] ]

Description

The pmtunneld command acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall.

Communication sent from pmlocald is transmitted using port number 12347, by default, and received by pmtunneld. pmtunneld then transmits the data to pmrun. See Configuring pmtunneld for details.

Options

pmtunneld has the following options.

Table 89: Options: pmtunneld
Option Description

-e <logfile>

Logs any tunnel proxy daemon errors in the file specified.

-s

Sends any tunnel proxy daemon errors to syslog.

-v

Displays the version number of Privilege Manager and exits.

-z on|off[:<pid>]

Enables or disables tracing for this program and optionally for a currently running process.

Refer to Enabling program-level tracing before using this option.

pmumacs

Syntax

pmumacs /<full_path_name>

Description

The pmumacs text editor is a special version of microemacs that you can use securely with Privilege Manager programs; it is similar to the umacs editor. umacs is a small version of emacs with Gosling-style emacs key bindings. You must specify a full path name as an argument when starting pmumacs. Within pmumacs you cannot access any files other than the ones you specified at startup time, and you cannot spawn any processes.

Use pmumacs to allow users to access a specific file as root but no other root functions.

pmverifyprofilepolicy

Syntax

pmverifyprofilepolicy [-v | [-c][-z on|off[:<pid>]]] [-f <filename>] 
                      [-p <policydir>]

Description

Use pmverifyprofilepolicy to verify the syntax and structure of the policy file and check whether a particular command will be accepted or rejected. The policy is assumed to match the format of the default profile policy; if it does not, pmverifyprofilepolicy displays an error for each file that is missing or is not in the correct format.

Options

pmverifyprofilepolicy has the following options.

Table 90: Options: pmverifyprofilepolicy
Option Description
-c

Displays output in csv, rather than human-readable, format.

The following line displays for each syntax error encountered:

PMCHECKERROR,<filename>,<linenumber>,<error_description>

The overall result displays in the following format:

PMVERIFYPROFILERESULT,<result>,<description>

where result can be: 0:success or -1:fail

For each file expected to contain data only, it prints the following line to stdout for each statement found in the file that is not a comment or variable assignment:

PMVERIFYPROFILECHECK,<filename>,<linenumber>,<description>

For each file expected to be unchanged, it prints the following line to stdout:

PMVERIFYPROFILENOMATCH,<filename>,<linenumber>,<description>

-f <filename> Provides an alternative policy filename to check. If not fully qualified, this path is interpreted as relative to the policydir, rather than to the current directory.
-p <policydir> Forces pmverifyprofilepolicy to search a different policy directory for include files identified by relative path. The default location is the policydir setting in pm.setting.
-v Prints the Privilege Manager version and exits.

-z on|off[:<pid>]

Enables or disables debug tracing, and optionally sends SIGHUP to a running process.

Refer to Enabling program-level tracing before using this option.
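
The record formats listed under -c above, parsed into a fail-closed gate that could run before a policy change is deployed. This is an added example, not part of the One Identity guide; it assumes unquoted fields with the description last, and the function names and sample lines are constructed for illustration.

```python
from collections import defaultdict

# Record layouts as documented for `pmverifyprofilepolicy -c`.
RECORD_FIELDS = {
    "PMCHECKERROR": ("filename", "linenumber", "description"),
    "PMVERIFYPROFILECHECK": ("filename", "linenumber", "description"),
    "PMVERIFYPROFILENOMATCH": ("filename", "linenumber", "description"),
    "PMVERIFYPROFILERESULT": ("result", "description"),
}

def parse_report(text):
    """Group output lines by record type; anything unrecognised goes to UNPARSED."""
    report = defaultdict(list)
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        tag, _, rest = line.partition(",")
        fields = RECORD_FIELDS.get(tag)
        # Assumption: fields are unquoted and the description is last, so split
        # only on the leading commas and let the description keep its own.
        values = rest.split(",", len(fields) - 1) if fields else []
        if fields and len(values) == len(fields):
            report[tag].append(dict(zip(fields, values)))
        else:
            report["UNPARSED"].append(line)
    return report

def policy_ok(report, strict=True):
    """Fail closed: require exactly one result record reporting 0 and no errors."""
    results = report["PMVERIFYPROFILERESULT"]
    # Accept "0" or "0:success" since the page does not show a literal sample.
    passed = len(results) == 1 and results[0]["result"].split(":")[0].strip() == "0"
    blocking = ["PMCHECKERROR", "UNPARSED"]
    if strict:  # also block on data-only and unchanged-file findings
        blocking += ["PMVERIFYPROFILECHECK", "PMVERIFYPROFILENOMATCH"]
    return passed and not any(report[tag] for tag in blocking)

# Constructed sample output (file names and descriptions are made up).
SAMPLE_FAIL = """\
PMCHECKERROR,example_a.profile,12,syntax error, unexpected token
PMVERIFYPROFILENOMATCH,example_b.conf,3,file differs from default
PMVERIFYPROFILERESULT,-1,verification failed
"""
SAMPLE_WARN = """\
PMVERIFYPROFILECHECK,example_c.profile,7,unexpected statement
PMVERIFYPROFILERESULT,0,success
"""

if __name__ == "__main__":
    for name, text in (("fail", SAMPLE_FAIL), ("warn", SAMPLE_WARN)):
        rep = parse_report(text)
        print(name, policy_ok(rep), policy_ok(rep, strict=False))
```

A missing or duplicated PMVERIFYPROFILERESULT line is treated as a failure, so truncated output cannot pass the gate.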
