Type integer READONLY
pmshell_script is a constant value that identifies a shell script. Use it for comparison with the value of the pmshell_cmdtype variable.
if (defined pmshell_cmd && (pmshell_cmdtype == pmshell_script)) { #forbid any shell scripts unless interpreter is a program in /opt/quest/bin if (dirname (pmshell_interpreter) != "/opt/quest/bin")) { reject "You cannot run this script"; } }
Type string READONLY
pmshell_uniqueid is only defined if the command is a shell subcommand running from a Privilege Manager shell (pmsh, pmcsh, pmksh, and pmbash). It contains the uniqueid of the session running the shell program. It allows the individual commands running within the shell to be identified as part of the same shell session when viewing the audit log entries.
#shell script example to print out all shell commands for each shell run on #15 january 2009 #constraint to select pmshell programs running on selected date constraint="(date=\"2009/01/15\") && (pmshell==1) && (pmshell_cmd==0))" #format to display user and shell program name userformat="sprintf(\"User:%s, shell:%s\", user, pmshell_prog)" #format to display shell subcommand name and time shellformat="sprintf(\" Time:%s, ShellCommand:%s\n", time, runcommand)" #find the unique IDs for all shell sessions allids=`/bin/sh –c "pmlog –p 'sprintf(\"%s\", uniqueid)' –c '${constraint}'"` #for each shell session, print out the username and shell program name, #and display each shell command run from the shell, with the time it was #executed for one in $allids do cmd="pmlog –p '${userformat}' –c 'uniqueid==\"${one}\"'" /bin/sh –c "${cmd}" cmd="pmlog –p '${shellformat}' -c 'pmshell_uniqueid==\"${one}\"'" /bin/sh –c "$cmd" done
Type string READONLY
pmversion contains the Privilege Manager version and build number.
print("The current Privilege Manager version is %s", pmversion);
Type string READONLY
ptyflags contains a bitmask indicating the ptyflags set from the submit user's environment. If set, the following bits indicate:
Bit 0: stdin is open
Bit 1: stdout is open
Bit 2: stderr is open
Bit 3: command was run in pipe mode
Bit 4: stdin is from a socket
Bit 5: command to be run using nohup
PTY_IN=0x1; if (ptyflags & PTY_IN) { #only authenticate if stdin is open and password can be entered if (!authenticate_pam(user, "sshd")) { reject "Failed to authenticate user"; } } else { reject "Cannot authenticate the user"; }
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책