サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

client_parent_procname

Description

Type string READONLY

Process name of a client's parent process.

Example
# only allow requests submitted from a login shell
# (parent process name starts with a dash) 
if (client_parent_procname[0] == "-") { 
   printf("process info -- name:[%s], pid[%d], uid[%d]\n" 
      client_parent_procname, client_parent_pid, client_parent_uid); 
   reject "only requests from login shells are allowed"; 
}
Related Topics

client_parent_pid

client_parent_uid

clienthost

Description

Type string READONLY

clienthost contains the host name/IP address of the requesting host. For a typical pmrun command, this will be identical to the submithost variable. For a Privilege Manager for Unix shell running as a login shell (for example, pmksh, pmcsh, pmsh, pmloginshell, and pmbash), this will contain the host name from which the user is logging in, which may not be a Privilege Manager for Unix host. For example, if the user logs in by means of a telnet session from a Windows PC, then the clienthost variable will contain the host name of the Windows PC. Always use short names when checking the clienthost variable, as some login programs may truncate the full host name.

Example
# reject commands being issued from unknown workstations 
workstations = {"sun34","sun35","sun36"}; 
if (!(clienthost in workstations)) 
   reject;
Related Topics

submithost

submithostip

runhost

eventloghost

runclienthost

command

Description

Type string READONLY

The name of the command being run.

The command variable generally contains the full path name of the command being run. Use the basename() function to get the command name without the full path.

Example
admincommands = {"hostname","kill","shutdown"}; 
if (basename(command) in admincommands) 
{ 
   runuser = "root"; 
   accept; 
}
Related Topics

runcommand

cwd

Description

Type string READONLY

cwd contains the pathname of the submit user's current working directory.

Example
# if command is executed from any directory other than under /usr, 
# change the working directory to /tmp 
if (cwd != "/usr" && !glob("/usr/*", cwd)) 
   runcwd = "/tmp";
Related Topics

runcwd

関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択