Privilege Manager for Sudo 6.1 Common Documents - Administration Guide


Installed files and directories

The following table lists files and directories installed on your system.

Table 48: Installed files and directories

| Directories and files | Description | Created by |
| --- | --- | --- |
| /opt/quest/qpm4u | Install directory containing readme, default trial license file, examples directory, templates, etc. | INSTALL |
| /etc/opt/quest/qpm4u/pm.settings | Configuration file for Privilege Manager component communications. | CONFIG |
| /etc/opt/quest/qpm4u/policy/pm.conf | Default production policy file when using the pmpolicy policy type. | CONFIG |
| /etc/opt/quest/qpm4u/policies | Default production policy framework directory when using the pmpolicy type. | CONFIG |
| /etc/opt/quest/qpm4u/policies/sudoers | Default production policy file for the sudo policy type. | CONFIG |
| /opt/quest/bin | Install directory containing the binaries for user programs, such as pmrun, pmksh and pmvi. NOTE: These user programs only apply to Privilege Manager for Unix. | CONFIG |
| /opt/quest/sbin | Install directory containing the binaries for admin programs, such as pmlog and pmreplay. | INSTALL |
| /opt/quest/lib | Install directory for shared libraries. | INSTALL |
| /opt/quest/libexec | Install directory for dynamically loaded objects. | INSTALL |
| /opt/quest/man | This directory contains all the man pages for Privilege Manager daemons and programs. | INSTALL |
| /opt/quest/qpm4u/examples | This directory contains useful programs, scripts, or examples which show how to use Privilege Manager for Unix. It also contains a sample configuration file which you can use as a template for implementing your own policies. NOTE: These scripts and examples only apply to Privilege Manager for Unix. | INSTALL |
| /opt/quest/qpm4u/license | This file contains the license information (policy server only). For information about updating license information, see pmlicense. | INSTALL |
| /opt/quest/qpm4u/qpm4u_eula.txt | This file contains the End User License Agreement for the Privilege Manager product. | INSTALL |
| /opt/quest/qpm4u/README.<architecture> | This file contains the latest information about your version of Privilege Manager. | INSTALL |
| /var/opt/quest/qpm4u/iolog | This directory contains the keystroke logs. | EVENTDATA |
| /var/opt/quest/qpm4u/pmevents.db | This file contains the event logs. | EVENTDATA |

Unsupported Sudo Options

Sudo Plugin supports all sudo command options except those listed in the following tables:

Unsupported command line sudo options

Table 49: Unsupported command line sudo options

| Sudo option | Description |
| --- | --- |
| -a <type> | Uses the specified authentication type. |
| -c <class> | Runs the specified command with resources limited by the specified login class. |
| -ll | Lists allowed commands in long format. |
| -r <role> | Causes security context to have specified role. SELinux RBAC is not supported. |
| -t <type> | Causes security context to have specified type. |

Behavioral change

Table 50: Behavioral change

| Sudo option | Description |
| --- | --- |
| -k and -K | These flags only remove the user’s credentials within the cache. |
| env_file | When in "offline policy evaluation" mode, this option only works if the file is present on the off-line host. |
| fqdn | Normally, when a policy has this flag enabled, sudo resolves host names on the policy server. However, when in off-line mode, sudo resolves host names from the policy cache server, which may produce different results. |
| group_plugin | When in "off-line policy evaluation" mode, this option only works if the off-line host has group_plugin in the same path as the primary/secondary server. |
| lecture_file | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
| logfile | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
| mailerpath | When in "off-line policy evaluation" mode, this option only works if the file is present on the off-line host. |
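
The file-dependent rows of the Behavioral change table can be checked on a host before it has to rely on off-line policy evaluation. The script below is an added example, not part of the product documentation or the vendor's tooling: the function names are hypothetical, the sudoers file to scan is supplied by the caller, and only absolute paths are tested for presence.

```shell
#!/bin/sh
# Added example: find sudoers Defaults whose files are absent on this host.
# Option names come from the "Behavioral change" table; function names are hypothetical.
OFFLINE_FILE_OPTS='env_file group_plugin lecture_file logfile mailerpath'

# list_offline_paths SUDOERS_FILE
# Prints "option<TAB>value" for every listed option set on a Defaults line.
# Limitation: backslash-continued Defaults lines are not joined.
list_offline_paths() {
    awk -v opts="$OFFLINE_FILE_OPTS" '
        BEGIN { n = split(opts, want, " ") }
        /^[ \t]*Defaults/ {
            for (i = 1; i <= n; i++) {
                # option=value or option="quoted value", preceded by a separator
                re = "[ \t,]" want[i] "[ \t]*=[ \t]*(\"[^\"]*\"|[^ \t,]+)"
                if (!match($0, re)) continue
                val = substr($0, RSTART, RLENGTH)
                sub(/^[^=]*=[ \t]*/, "", val)
                gsub(/"/, "", val)
                # group_plugin may carry arguments: the path is the first word
                if (want[i] == "group_plugin") sub(/[ \t].*$/, "", val)
                print want[i] "\t" val
            }
        }' "$1"
}

# check_offline_files SUDOERS_FILE
# Prints "MISSING option path" for each absolute path that does not exist
# locally and returns 1 if there is at least one, 0 otherwise.
check_offline_files() {
    missing=0
    tab=$(printf '\t')
    while IFS="$tab" read -r opt path; do
        case $path in
            /*) ;;           # absolute path: can be checked on this host
            *)  continue ;;  # empty or relative (bare plugin name): skipped
        esac
        if [ ! -e "$path" ]; then
            echo "MISSING $opt $path"
            missing=1
        fi
    done <<EOF
$(list_offline_paths "$1")
EOF
    return "$missing"
}

# Usage: check_offline_files /path/to/sudoers
```

A non-zero return means at least one option in the scanned policy will not work on this host while it evaluates policy off-line.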
