The primary and secondary policy servers must be able to communicate with each other and the remote hosts must be able to communicate with the policy servers in the policy group.
For example, if you run the pmloadcheck command on a policy server or PM Agent to determine that it can communicate with other policy servers in the policy group, you may get output similar to the following:
++ Checking host:myhost.example.com (10.10.181.87) ... [FAIL]
There are several possible reasons for failure:
These are some ways to verify that the Privilege Manager for Unix service is running properly on the policy server host:
# pmsrvinfo
# ps –ef | grep pmserviced
# netstat –na | grep 12345
pmmasterdEnabled YES
# /etc/init.d/pmserviced restart
-Or-
pmserviced -s
This appendix provides detailed information about the components that you use to construct the Privilege Manager for Unix security policy file.
One Identity uses the following language standards to define the grammar of the policy scripting language used in Privilege Manager for Unix.
| Production | Description |
|---|---|
| <identifier> | ::= [A-Za-z][A-Za-z0-9_]* |
| <number> | ::= [0-9]+ |
| <octalnumber> | ::= 0[0-7]+ |
| <hexnumber> | ::= 0x[a-fA-F0-9]+ |
| <realnumber> | ::= <number> '.' <number> |
| <string> | ::= \" <non-double-quote | backslashed-double-quote >* \"
| ' <non-single-quote | backslashed-single-quote >* ' |
| <non-double-quote> | ::= [^\"] |
| <backslashed-double-quote> | ::= \\\" |
| <non-single-quote> | ::= [^'] |
| <backslashed-single-quote> | ::= \\' |
| <comment> | ::= <shell-style-comment> | <c-style-comment> | <cplusplus-style-comment> |
| <shell-style-comment> | ::= '#' [^\n]* |
| <c-style-comment> | ::= /\* [^\*/]* \*/ |
| <cplusplus-style-comment> | ::= // [^\n]* |
| Production | Description |
|---|---|
| Policy | ::= { Statement | Procedure } |
| Procedure | ::= ( 'procedure' | 'function' ) <identifier> '(' [Parameters] ')' BlockStatement |
| Parameters | ::= Parameter {',' Parameter } |
| Parameter | ::= <identifier> ['=' Expression] |
| Statements | ::= Statement { Statement } |
| Statement |
::= IfStatement | ForStatement | DoWhileStatement | WhileStatement | SwitchStatement | BreakStatement | ContinueStatement | ReturnStatement | AcceptStatement | RejectStatement | IncludeStatement | ReadOnlyStatement | ReadOnlyExceptStatement | ExpressionStatement | BlockStatement |
| IfStatement | ::= 'if' '(' Expression ')' Statement [ 'else' Statement ] |
| WhileStatement | ::= 'while' '(' Expression ')' Statement |
| DoWhileStatement | ::= 'do' BlockStatement 'while' '(' Expression ')' ';' |
| ForStatement |
::= 'for' '(' Expressions ';' Expression ';' [Expression] ')' Statement | 'for' '(' <identifier> 'in' Expression ')' Statement |
| SwitchStatement | ::= 'switch' '(' Expression ')' '{' [Cases][Default] '}' |
| Cases | ::= Case { Case } |
| Case | ::= 'case' Expression ':' Statements |
| Default | ::= 'default' Statements |
| BreakStatement | ::= 'break' ';' |
| ContinueStatement | ::= 'continue' ';' |
| ReturnStatement | ::= 'return' [ Expression ] ';' |
| IncludeStatement | ::= 'include' Expression ';' |
| AcceptStatement | ::= 'accept' ';' |
| RejectStatement | ::= 'reject' [ Expression ] ';' |
| ReadOnlyStatement | ::= 'readonly' Expression ';' |
| ReadOnlyExceptStatement | ::= 'readonlyexcept' Expression ';' |
| ExpressionStatement | ::= Expression ';' |
| BlockStatement | ::= '{' Statements '}' |
| Expressions | ::= Expression {',' Expressions } |
| Expression | ::= AssignmentExpression | ConditionalExpression |
| AssignmentExpression | ::= PrimaryExpression { AssignmentOp Expression } |
| AssignmentOp | ::= '=' | '+=' | '-=' | '*=' | '/=' |
| ConditionalExpression | ::= LogicalOrExpression [ '?' Expression ':' Expression ] |
| LogicalOrExpression | ::= LogicalAndExpression { '||' LogicalAndExpression } |
| LogicalAndExpression | ::= BitwiseOrExpression { '&&' BitwiseOrExpression } |
| BitwiseOrExpression | ::= BitwiseAndExpression { '|' BitwiseAndExpression } |
| BitwiseAndExpression | ::= EqualityExpression { '&' EqualityExpression } |
| EqualityExpression | ::= RelationalExpression { EqualityOp RelationalExpression } |
| EqualityOp | ::= '==' | '!= |
| RelationalExpression | ::= AdditiveExpression { RelationalOp AdditiveExpression } |
| RelationalOp | ::= '<' | '>' | '<=' | '>=' | 'in' |
| AdditiveExpression | ::= MultiplicativeExpression { AdditiveOp MultiplicativeExpression } |
| AdditiveOp | ::= '+' | '-' |
| MultiplicativeExpression | ::= PrimaryExpression { MultiplicativeOp PrimaryExpression } |
| MultiplicativeOp | ::= '*' | '/' | '%' |
| PrimaryExpression |
::= PrefixAssignmentExpression | DesignatorExpression | LiteralExpression | '-' Expression | '!' Expression | 'typeof' Expression | 'defined' <identifier> | '(' Expression ')' |
| PrefixAssignmentExpression | ::= PrefixOp <identifier> |
| PrefixOp | ::= '++' | '--' |
| DesignatorExpression |
::= <identifier> | <identifier> PostfixOp | <identifier> Arguments | <identifier> ListAccess { ListAccess } |
| PostfixOp | ::= '++' | '--' |
| Arguments | ::= '(' [Expressions] ')' |
| ListAccess | ::= '[' Expression ']' |
| LiteralExpression | ::= <string> | <number> | <hexnumber> | <octalnumber> | <realnumber> | ListLiteral |
| ListLiteral | ::= '{' [Expressions] '}' |
The following data types are available for use in the policy scripting language.
| Type | Description | Example |
|---|---|---|
| array | A multi-dimensional array that can contain any mixture of types. |
Users={"fred", "jen", "sally"}; Ids={1, 9, 10}; Usermap={ Users, Ids}; print(umap[0][2] + " -> " + umap[1][2]); |
| boolean | The values true and false. | x = true; |
| double | A number with a fractional component. |
x=2.5; y=4.3; print(x+y); #prints 6.8 |
| int |
The type integer includes the set of integers (…, -2, -1, 0, 1, 2, …). The constants true and false are defined to have the values 1 and 0, respectively. Specify hexadecimal numbers with the prefix 0x. |
count=0; x=y=1; You can specify an octal number by preceding it with a leading zero. For example, when specifying a umask value runumask=022 |
| ldapid | Special type to support LDAP functions. | |
| ldapsearchresult | Special type to support LDAP functions. | |
| list | An ordered group of strings separated by commas and surrounded by curly braces.
List elements are accessed by post-fixing them with square brackets [ ] containing the index of the desired element. Indices start at 0. |
mylist = {"string zero", "string one", "string two"}; print( {"a", "b", "c"}[1] ); # prints "b" |
| string | A sequence of zero or more characters within single or double quotes. |
Mystr="this is a string"; Str1="user: " + user; |
| Undefined | A variable is assigned a type when it is assigned a value of that type.
A variable that is referenced but has not been assigned a value is set to the type undefined. |
if (typeof(myvar) == "undefined") { myvar=user;} |
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책
