サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.2.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

pmshell_cmdtype

Description

Type integer READONLY

pmshell_cmdtype is only defined if the command is a shell subcommand running from a Privilege Manager for Unix shell.

This variable is only applicable to the pmsh, pmcsh, pmksh, and pmbash programs.

It is set to one of these constant values: pmshell_builtin, pmshell_script, or pmshell_exe.

Example
if (defined pmshell_cmd){ 
   if (user !in safe_shell_list) 
   { 
      #check builtins 
      pmshell_checkbuiltins=true; 
   } 
}

pmshell_exe

Description

Type integer READONLY

pmshell_exe contains a constant value that identifies a normal executable command. Use it to compare with the value of the pmshell_cmdtype variable.

Example
if (defined pmshell_cmd){ 
   if (pmshell_cmdtype == pmshell_exe) 
   { 
      if (basename(runcommand) in shell_sub_list) { 
         accept; 
      } 
   } 
}

pmshell_interpreter

Description

Type integer READONLY

pmshell_interpreter is only defined if the command is running from within a Privilege Manager for Unix shell program. If the shell subcommand is an interpreted script (that is, the first line of the file contains a directive in the format #!<path>) then this variable contains the pathname of the interpreter identified by this directive. Use this variable to detect and reject a user from running an unrestricted shell script from within a restricted shell program.

Example
if (defined pmshell) 
{ 
   printf("Starting %s shell\n", pmshell_prog); 
   accept; 
} 
if ((defined pmshell_cmd) && (pmshell_cmd == true)) 
{ 
   # if running a restricted shell, then don't allow the user to run a shell 
   # script unless it's a Privilege Manager for Unix shell 
   if (pmshell_restricted && (pmshell_cmdtype == pmshell_script)) 
   { 
      if (dirname(pmshell_interpreter) != "/opt/quest/bin") 
      { 
         reject "Restricted shell only permits you to run a shell in the 
					/opt/quest/bin directory"; 
      } 
   }

pmshell_prog

Description

Type string READONLY

pmshell_prog is only defined if a Privilege Manager for Unix shell program is running. If a shell is running, it is set to the name of the shell program (pmsh, pmcsh, pmksh, pmloginshell, or pmbash).

Example
if (defined pmshell) 
{ 
   printf("Starting %s shell\n", pmshell_prog); 
   accept; 
}
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択