Lesson 10: Basic menus
This final lesson demonstrates a rudimentary menu system that you can present to users when they enter the adminmenu command.
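# Lesson 10 example: when the requested command is "adminmenu", show a
# numbered menu, map the user's choice to a command (runcommand) and a
# run-as account (runuser), then accept the request.
# Illustrative only: option 1 is the only entry that asks for a password;
# options 2-4 are granted to anyone who reaches this policy.
if (command == "adminmenu") {
    print("========= Admin Menu =========");
    print("1) Add users");
    print("2) Start a backup");
    print("3) Change ownership of a file");
    print("4) Fix line printer queues");
    choice = input("Please choose one: ");

    switch (choice) {
        case "1":
            # NOTE(review): the password value is embedded in the policy
            # file, so anyone who can read the file can read it. It appears
            # to be the stored (encrypted) form, and 2 the number of
            # attempts allowed - confirm against the getstringpasswd
            # reference. Keep the policy file readable by root only, and
            # prefer per-user authentication (e.g. getuserpasswd) over a
            # shared secret in production.
            # The prompt is a single string literal; it must not be split
            # across lines.
            if (!getstringpasswd("m9xxg7B4.v8Ck", "Type in the adduser password: ", 2))
                reject;
            runcommand = "/usr/local/bin/adduser";
            runuser = "root";
            break;
        case "2":
            runcommand = "/usr/local/bin/dobackup";
            runuser = "backup";
            break;
        case "3":
            runcommand = "/usr/bin/chown";
            runuser = "root";
            break;
        case "4":
            runcommand = "/usr/lib/lpadmin";
            runuser = "root";
            break;
        default:
            # Anything other than "1".."4" is refused.
            printf("\"%s\" was not a valid choice. Sorry.\n", choice);
            reject;
    }

    if (choice == "3") {
        # NOTE(review): the owner and file name typed here are passed to
        # chown, which runs as root, without any validation and without a
        # password prompt. A production policy should check the number of
        # arguments and restrict which owners and paths are permitted
        # before accepting.
        file_name = input("Please enter the new owner's name then file name: ");
        arguments = split(file_name);
        # Put a placeholder at index 0 so the typed words follow it in the
        # argument list handed to the command.
        runargv = insert(arguments, 0, "Spacer");
    }

    # Show the requester what is about to run, then approve the request.
    print("** Command to be run :", runcommand);
    print("** User to run command as :", runuser);
    accept;
}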
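This example shows how to gather input from the user, check a password against a literal hard-coded value, and manipulate command line arguments. It is purely illustrative of the scope and scale of what you can achieve from within a policy file, although there is much more that has not been covered in this lesson. Note that the sample protects only menu option 1 with a password and passes the input for option 3 to chown unchecked, so a production policy would need to add its own authentication and argument validation.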
Refer to Lesson 10 Sample: Basic menus to see the sample policy used in this lesson.
Sample policy files
Electronic copies of the policy file samples used in each lesson are located in the /opt/quest/qpm4u/examples directory and they are reproduced for you in this section.
Main policy configuration file
##########################################################################
# Privilege Manager for Unix example configuration file
# One Identity 2013
# Example File : pm.conf
#
# Establish which Lesson has been selected and include the appropriate file
# accordingly
##########################################################################
# Read the installation base and the lesson number, falling back to the
# defaults given as the second argument.
# NOTE(review): PMINST feeds the include paths below. If getenv() reads the
# requesting user's environment, the requester can influence which directory
# the lesson files are included from - confirm where getenv() reads from, and
# do not derive policy include paths from requester-controlled values in
# production.
PMINST=getenv("INSTBASE","/opt/quest/qpm4u");
PMLESSON=atoi(getenv("LESSON","1"));
EXAMPLEDIR=PMINST + "/examples";
# NOTE(review): the range check admits 11, but the switch below has cases
# only for "1" to "10"; with LESSON=11 nothing is included and the final
# reject is reached.
if (PMLESSON<1 || PMLESSON>11)
{ printf("Invalid lesson %i selected, resetting to Lesson 1\n",PMLESSON);
PMLESSON=1;
}
# NOTE(review): "clear" is given without a path; which binary runs, and as
# which account, depends on how the policy engine executes system() -
# confirm, and prefer an absolute path.
system("clear");
printf("Lesson %i is selected\n",PMLESSON);
# The lessons take the user name from the environment variable LESSON_USER
# so that none of the scripts require modification before use.
# Make sure that you have set it to a valid user, which will be used for
# this series of lessons.
# NOTE(review): the lesson files use this name in authorization checks
# (example1.conf grants it root). If the value comes from the requesting
# user's environment, the requester chooses who is authorized - acceptable
# for a tutorial, not for production.
PMLESSON_USER=getenv("LESSON_USER","demo");
# NOTE(review): this branch only prints the message; PMLESSON_USER is left
# as "" rather than being set to "demo".
if (PMLESSON_USER=="")
{ print("No user has been specified, user 'demo' will be assumed\n");
}
# Warn when the requesting user is not the configured lesson user.
if (user!=PMLESSON_USER)
{ print("------------------------ WARNING ---------------------------");
printf("Your currently logged in as %s\n",user);
printf("Your selected user for the lessons is %s\n",PMLESSON_USER);
printf("This may not be what you intended, try 'su %s'\n",PMLESSON_USER);
print("-----------------------------------------------------------\n");
}
# The case labels are strings, so convert the lesson number to a string
# before switching on it.
PML=sprintf("%i",PMLESSON);
# Include the policy file for the selected lesson.
switch (PML)
{
case "1":
{ include EXAMPLEDIR + "/example1.conf";
break;
}
case "2":
{ include EXAMPLEDIR + "/example2.conf";
break;
}
case "3":
{ include EXAMPLEDIR + "/example3.conf";
break;
}
case "4":
{ include EXAMPLEDIR + "/example4.conf";
break;
}
case "5":
{ include EXAMPLEDIR + "/example5.conf";
break;
}
case "6":
{ include EXAMPLEDIR + "/example6.conf";
break;
}
case "7":
{ include EXAMPLEDIR + "/example7.conf";
break;
}
case "8":
{ include EXAMPLEDIR + "/example8.conf";
break;
}
case "9":
{ include EXAMPLEDIR + "/example9.conf";
break;
}
case "10":
{ include EXAMPLEDIR + "/example10.conf";
break;
}
}
# Default deny: if evaluation reaches this point (for example, no case
# matched), the request is rejected.
reject;
See Install the example policy file for details on installing the example policy file.
Lesson 1 Sample: Basic policy
#=================================================================
# Privilege Manager for Unix example configuration file
# One Identity 2013
#
# Example File : example1
#
# This file should have permissions of 600 (rw-------) and be owned by
# root.
#=================================================================
#=================================================================
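# Lesson 1: print a description of the lesson, echo the submitted command
# line, and accept the request as root for user "dan" or the lesson user.
# PMINST and PMLESSON_USER are not set in this file; pm.conf assigns them
# before including it.
print("-------------LESSON 1 DESCRIPTION---------------------------");
printf("Policy file %s/examples/example1.conf\n",PMINST);
print("-----------------------------------------------------------");
# The format string is a single literal; it must not be split across lines.
printf("This basic lesson uses a policy allowing users %s and dan\n",PMLESSON_USER);
print("the rights to run any command as root.\n");
print("For example, to test this enter the command pmrun whoami");
print("which will return the value root as the logged in user.");
print("-----------------------------------------------------------");

# Redisplay the original command line for clarity.
i=0;
while (i<argc) {
    printf("%s ",argv[i]);
    i=i+1;
}
printf("\n");

# NOTE(review): this grants every command, with any arguments, as root to
# the named users, with no authentication step and no restriction on what
# is run. PMLESSON_USER is read from the LESSON_USER environment variable
# in pm.conf; if that is the requester's environment, the requester decides
# who matches - confirm. Suitable for the lesson only.
if (user=="dan" || user==PMLESSON_USER) {
    runuser="root";
    accept;
}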
#=================================================================
See Lesson 1: Basic policy for details on using this sample policy file.