Description
Type string READONLY
Process name of a client's parent process.
Example
# only allow requests submitted from a login shell
# (parent process name starts with a dash)
if (client_parent_procname[0] == "-") {
    printf("process info -- name:[%s], pid[%d], uid[%d]\n",
           client_parent_procname, client_parent_pid, client_parent_uid);
    reject "only requests from login shells are allowed";
}
Description
Type string READONLY
clienthost contains the host name/IP address of the requesting host. For a typical pmrun command, this will be identical to the submithost variable. For a Privilege Manager for Unix shell running as a login shell (for example, pmksh, pmcsh, pmsh, pmloginshell, and pmbash), this will contain the host name from which the user is logging in, which may not be a Privilege Manager for Unix host. For example, if the user logs in by means of a telnet session from a Windows PC, then the clienthost variable will contain the host name of the Windows PC. Always use short names when checking the clienthost variable, as some login programs may truncate the full host name.
Example
# reject commands being issued from unknown workstations
workstations = {"sun34","sun35","sun36"};
if (!(clienthost in workstations))
    reject;
Description
Type string READONLY
The name of the command being run.
The command variable generally contains the full path name of the command being run. Use the basename() function to get the command name without the full path.
Example
admincommands = {"hostname","kill","shutdown"};
if (basename(command) in admincommands)
{
    runuser = "root";
    accept;
}
Description
Type string READONLY
cwd contains the pathname of the submit user's current working directory.
Example
# if command is executed from any directory other than under /usr,
# change the working directory to /tmp
if (cwd != "/usr" && !glob("/usr/*", cwd))
    runcwd = "/tmp";
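The following is an added example, not taken from the product documentation. It combines the clienthost, command and cwd checks above into one policy fragment and matches command against full path names instead of base names. The host names and command paths are constructed, and it assumes command holds the full path as described above.

```pmpolicy
# Added example; host names and command paths are constructed.
workstations = {"sun34", "sun35", "sun36"};

# Full path names rather than base names: "/tmp/kill" has the base name
# "kill" but does not appear in this list.
admincommands = {"/usr/bin/hostname", "/usr/bin/kill", "/usr/sbin/shutdown"};

# Deny first, so a request from a host outside the list never reaches accept.
# Short names only, because a login program may truncate the full host name.
if (!(clienthost in workstations)) {
    reject "unknown workstation";
}

if (command in admincommands) {
    runuser = "root";
    # do not run with a working directory outside /usr
    if (cwd != "/usr" && !glob("/usr/*", cwd)) {
        runcwd = "/tmp";
    }
    accept;
}

# anything not matched above is refused explicitly
reject "command is not in the admin command list";
```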