지금 지원 담당자와 채팅
지원 담당자와 채팅

Safeguard for Sudo 7.1.1 - Administration Guide

Introducing Safeguard for Sudo Planning Deployment Installation and Configuration Upgrade Safeguard for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Troubleshooting Safeguard Variables Safeguard programs Installation Packages Unsupported Sudo Options Safeguard for Sudo Policy Evaluation

pmshell_restricted

Description

Type integer READ/WRITE

If pmshell_restricted is set to true, then the Privilege Manager for Unix shell program is run as a restricted shell. This means that the user cannot:

  • change directory
  • change the PATH, SHELL, or ENV variables
  • run any command that is not found in the PATH
  • run any command identified by full pathname
  • Overwrite any existing files using output redirection (such as, echo "" > /etc/passwd)

These restrictions are applied without any further authorization by the policy server. The default for this variable is false.

This variable is applicable to the pmsh, pmcsh, pmksh, and pmbash programs.

Example
if (user != "root") 
{ 
   pmshell_restricted = true; 
}
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택