Syntax
pmsum /<full_path_name>
Description
Use pmsum to generate a checksum of the named file. The output it produces can be used in a policy with the runcksum variable. If the requested binary/command does not match the checksum, it rejects the command.
Options
pmsum has the following options.
Table 91: Options: pmsum
-v |
Prints the version number of Privilege Manager for Unix and exits. |
Examples
# pmsum /bin/ls
5591e026 /bin/ls
Description
The pmsysid command displays the Privilege Manager for Unix system ID.
Options
pmsysid has the following options.
Table 92: Options: pmsysid
-i |
Shows the system host name and IP address. |
-v |
Displays the Privilege Manager for Unix version and exits. |
Syntax
pmtunneld [ [-v] | [-z on|off[:<pid>]] | [[-e <logfile>] [-s] ] ]
Description
The pmtunneld command acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall.
Communication sent from pmlocald is transmitted using port number 12347, by default, and received by pmtunneld. pmtunneld then transmits the data to pmrun. For more details, see Configuring pmtunneld.
Options
pmtunneld has the following options.
Table 93: Options: pmtunneld
-e <logfile> |
Logs any tunnel proxy daemon errors in the file specified. |
-s |
Sends any tunnel proxy daemon errors to syslog. |
-v |
Displays the version number of Privilege Manager for Unix and exits. |
-z |
Enables or disables tracing for this program and optionally for a currently running process.
Before using this option, see Enabling program-level tracing. |
Syntax
pmumacs /<full_path_name>
Description
The pmumacs text editor is a special version of microemacs that you can use securely with Privilege Manager for Unix programs; it is similar to the umacs editor. umacs is a small version of emacs with gosling-style emacs key bindings. You must specify a full path name as an argument when starting pmumacs. Also, you will not be able to access any files other than the ones you specified at startup time nor spawn any processes.
Use pmumacs to allow users to access a specific file as root but no other root functions.