Privilege Manager for Unix 7.1 - Administration Guide

pmtunneld

Syntax
pmtunneld [ [-v] | [-z on|off[:<pid>]] | [[-e <logfile>] [-s] ] ]
Description

The pmtunneld command acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall.

Communication sent from pmlocald is transmitted using port number 12347, by default, and received by pmtunneld. pmtunneld then transmits the data to pmrun. See Configuring pmtunneld for details.

Options

pmtunneld has the following options.

Table 90: Options: pmtunneld
Option Description

-e <logfile>

Logs any tunnel proxy daemon errors in the file specified.

-s

Sends any tunnel proxy daemon errors to syslog.

-v

Displays the version number of Privilege Manager for Unix and exits.

-z

Enables or disables tracing for this program and optionally for a currently running process.

Refer to Enabling program-level tracing before using this option.

pmumacs

Syntax
pmumacs /<full_path_name>
Description

The pmumacs text editor is a special version of microemacs that you can use securely with Privilege Manager for Unix programs; it is similar to the umacs editor, a small version of emacs with Gosling-style emacs key bindings. You must specify a full path name as an argument when starting pmumacs. Once started, pmumacs cannot access any files other than the ones you specified at startup time, and it cannot spawn any processes.

Use pmumacs to allow users to access a specific file as root but no other root functions.

pmverifyprofilepolicy

Syntax
pmverifyprofilepolicy [-v | [-c][-z on|off[:<pid>]]] [-f <filename>] 
                      [-p <policydir>]
Description

Use pmverifyprofilepolicy to verify the syntax and structure of the policy file and to check whether a particular command will be accepted or rejected. The policy is assumed to match the format of the default profile policy; if it does not, pmverifyprofilepolicy displays an error for each file that is missing or is not in the correct format.

Options

pmverifyprofilepolicy has the following options.

Table 91: Options: pmverifyprofilepolicy
Option Description
-c

Displays output in csv, rather than human-readable, format.

The following line displays for each syntax error encountered:

PMCHECKERROR,<filename>,<linenumber>,<error_description>

The overall result displays in the following format:

PMVERIFYPROFILERESULT,<result>,<description>

where result can be: 0:success or -1:fail

For each file expected to contain data only, it prints the following line to stdout for each statement found in the file that is not a comment or variable assignment:

PMVERIFYPROFILECHECK,<filename>,<linenumber>,<description>

For each file expected to be unchanged, it prints the following line to stdout:

PMVERIFYPROFILENOMATCH,<filename>,<linenumber>,<description>

-f <filename>

Provides an alternative policy filename to check. If not fully qualified, this path is interpreted as relative to the policydir, rather than to the current directory.

-p <policydir>

Forces pmverifyprofilepolicy to search a different policy directory for include files identified by relative path. The default location is the policydir setting in pm.setting.

-v

Prints the Privilege Manager for Unix version and exits.

-z

Enables or disables debug tracing, and optionally sends SIGHUP to a running process.

Refer to Enabling program-level tracing before using this option.
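
The csv records described for the -c option can be parsed to gate a policy change before it is deployed. The following is an added example, not part of the product or its documentation: it takes the captured output of pmverifyprofilepolicy -c as text and fails closed when the result line is missing. The function names, the strict flag, and the sample file names and descriptions are assumptions made for illustration.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "kind filename line description")

# Record tags documented for the -c (csv) output format.
FILE_TAGS = {"PMCHECKERROR", "PMVERIFYPROFILECHECK", "PMVERIFYPROFILENOMATCH"}
RESULT_TAG = "PMVERIFYPROFILERESULT"


def parse_pmverify_csv(text):
    """Return (result_code, result_description, findings).

    result_code stays None if no PMVERIFYPROFILERESULT line is present, so a
    truncated run is never mistaken for success.
    """
    code, desc, findings = None, "", []
    for line in text.splitlines():
        tag = line.split(",", 1)[0].strip()
        if tag == RESULT_TAG:
            # PMVERIFYPROFILERESULT,<result>,<description>
            parts = (line.split(",", 2) + ["", ""])[:3]
            code = 0 if parts[1].strip() == "0" else -1  # fail closed
            desc = parts[2].strip()
        elif tag in FILE_TAGS:
            # <TAG>,<filename>,<linenumber>,<description>
            # Assumption: only the trailing description may contain commas.
            parts = (line.split(",", 3) + ["", "", ""])[:4]
            num = parts[2].strip()
            findings.append(Finding(tag, parts[1].strip(),
                                    int(num) if num.isdecimal() else -1,
                                    parts[3].strip()))
    return code, desc, findings


def policy_passes(text, strict=True):
    """Gate for a policy change: overall result 0 and no blocking records.

    strict=True (this example's choice) also blocks on CHECK/NOMATCH records.
    """
    code, _desc, findings = parse_pmverify_csv(text)
    blocking = FILE_TAGS if strict else {"PMCHECKERROR"}
    return code == 0 and not any(f.kind in blocking for f in findings)


# Constructed sample output; file names and descriptions are made up.
SAMPLE = """\
PMCHECKERROR,example_admin.profile,12,syntax error, unexpected ';'
PMVERIFYPROFILECHECK,example_helpdesk.profile,40,statement in data-only file
PMVERIFYPROFILENOMATCH,example_main.conf,3,file differs from default
PMVERIFYPROFILERESULT,-1,policy verification failed
"""
```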

pmvi

Syntax
pmvi /<full_path_name>
Description

The pmvi editor is a special version of vi that you can use securely with Privilege Manager for Unix programs. You must specify a full path name as an argument when starting pmvi. Once started, pmvi cannot access any files other than the ones you specified at startup time, and it cannot spawn any processes.

Use pmvi to allow users to access a specific file as root but no other root functions.
