サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

use_rundir

Description

Type string READONLY

use_rundir is a read-only variable containing the value "!~!". You can use it as a placeholder in the context of any runtime variable to represent the runuser's home directory, as defined on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's home directory on the runhost.

Example
allowedrequestusers={"root", "admin", "oradmin"}; 
//if requestuser is in allowed list, set runuser to requestuser 
  and set groups to match primary group on the runhost, 
//and change directory to runuser's home dir 
if (requestuser in allowedrequestusers) 
{ 
   runuser=requestuser; 
   rungroup=use_rungroup; 
   rungroups= {use_rungroup}; 
   runcwd = use_rundir; 
   accept; 
}

use_rungroup

Description

Type string READONLY

use_rungroup is a read-only variable containing the value "!g!". Use it as a placeholder in the context of any runtime variable to represent the runuser's primary group on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's primary groupname on the runhost.

Example
allowedrequestusers={"root", "admin", "oradmin"}; 
//if requestuser is in allowed list, set runuser to requestuser 
   and set groups to match runuser's primary group only, 
//and change directory to runuser's home dir 
if (requestuser in allowedrequestusers) 
{ 
   runuser=requestuser; 
   rungroup=use_rungroup; 
   rungroups= {use_rungroup}; 
   runcwd = use_rundir; 
   accept; 
}

use_rungroups

Description

Type sting READONLY

use_rungroups is a read-only variable containing the value "!G!". Use it as a placeholder in the context of any runtime variable to represent the runuser's group list on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's group list on the runhost.

Example
allowedrequestusers={"root", "admin", "oradmin"}; 
//if requestuser is in allowed list, set runuser to requestuser 
  and set groups to match those on the runhost, adding any 
//other run groups required, and change directory to runuser's home dir 
if (requestuser in allowedrequestusers) 
{ 
   runuser=requestuser; 
   rungroup=use_rungroup; 
   rungroups= {use_rungroups, "oraclegroup"}; 
   runcwd = use_rundir; 
   accept; 
}

use_runshell

Description

Type string READONLY

use_runshell is a read-only variable containing the value "!!!". Use it as a placeholder in the context of any runtime variable to represent the runuser's login shell on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's login shell on the runhost.

Example
allowedrequestusers={"root", "admin", "oradmin"};
allowedscripts={"appscript1"}; 
//Run a script as the runuser's login shell. 
//If requestuser is in allowed list, set runuser to requestuser, set 
//environment to match runuser's environement, add some necessary  
//environment vars for this script, and run the script as the runuser's shell. 

if ((runcommand in allowedscripts) && (requestuser in allowedrequestusers)) 
{ 
   runuser=requestuser; 
   rungroup=use_rungroup; 
   rungroups= {use_rungroups, "appgroup"}; 
   runcwd = use_rundir; 
   
   //use the runuser's environment 
   profile_use_runuser=true; 
   
   //add an application environment var to runuser's env, based on runuser's 
   //home dir 
   str=sprintf("%s/appdir", use_rundir); 
   setenv("APP_LOCAL_DIR", str); 
   
   //Set the runcommand to use the runuser's shell to run the script 
   runcommand = use_runshell; 
   runargv=replace(runargv, 1, length(runargv)); 
   runargv[0]=use_runshell; 
   runargv=append(runargv, "-c"); 
   runargv=append(runargv, "/appdir/appscript"); 
   accept; 
}
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択