Chatta subito con l'assistenza
Chat con il supporto

Safeguard for Sudo 7.3 - Administration Guide

Introducing Safeguard for Sudo Planning Deployment Installation and Configuration Upgrade Safeguard for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Supported sudo plugins Troubleshooting Safeguard for Sudo Variables Safeguard for Sudo programs Installation Packages Supported Sudoers directives Unsupported Sudo Options Safeguard for Sudo Policy Evaluation

runumask

Description

Type integer READ/WRITE

runumask is a modifiable copy of the umask input variable. Specifies the umask filter which determines file permissions for files created during execution of the runcommand.

Example
trustedusers = {"jamie", "cory", "robyn"}; 
if (user in trustedusers ) 
{ 
   runumask=066; 
}
Related Topics

umask

runuser

Description

Type string READ/WRITE

runuser is a modifiable copy of the user input variable. Specifies the user name that pmlocald uses when initializing the runtime environment for the runcommand.

Example
if ( (user == "apache") && (command == "admin.cgi") ) 
{ 
   runuser="root"; 
}
Related Topics

user

runutmpuser

Description

Type string READ/WRITE

runutmpuser specifies the login name of the user that will be used when updating the UNIX utmp and wtmp files when the request runs.

This variable also controls the login user name during a pmrun session, which is returned by the logname command or the getlogin system function.

If unset, it will default to the runuser variable.

TIP: If you want your site to have a more sudo-like behavior where the login user and the utmp entry contain the request user, add the following line to the policy:

runutmpuser=requestuser;

subprocuser

Description

Type string READ/WRITE

subprocuser is the user name used to run any subprocesses of pmmasterd such as, when running the system function. The default value is "root".

Example
subprocuser="appl_user"; 
cfile=system("find /home/applhome -name customprofile.txt"); 
if (status == 0) 
{ 
   print(readfile(cfile)); 
}
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione