Chat now with support
Chat with Support

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Lesson 10: Basic menus

This final lesson demonstrates the use of a rudimentary menu system which you can present to the user when he enters the adminmenu command.

if(command=="adminmenu") {
   print("========= Admin Menu =========");
   print("1) Add users");
   print("2) Start a backup");
   print("3) Change ownership of a file");
   print("4) Fix line printer queues");
   choice = input("Please choose one: ");

   switch(choice) {
      case "1":
         if(!getstringpasswd("m9xxg7B4.v8Ck", "Type in the adduser
   password: ", 2))
            reject;
         runcommand = "/usr/local/bin/adduser";
         runuser = "root";
         break;
      case "2":
         runcommand = "/usr/local/bin/dobackup";
         runuser = "backup";
         break;
      case "3":
         runcommand = "/usr/bin/chown";
         runuser = "root";
         break;
      case "4":
         runcommand = "/usr/lib/lpadmin";
         runuser = "root";
         break;
      default:
         printf("\"%s\" was not a valid choice. Sorry.\n", choice);
         reject;
   }
   
   if (choice == "3") {
      file_name=input("Please enter the new owner's name then file name: ");
      arguments = split(file_name);
      runargv = insert(arguments, 0, "Spacer");
   }
   print("** Command to be run :", runcommand);
   print("** User to run command as :", runuser);
   accept;
}

This example shows how to gather input from the user, check the value of a literal hard-coded password, and manipulate command line arguments. It is purely illustrative of the scope and scale of what you can achieve from within a policy file, although there is much more that has not been covered in this lesson.

To see the sample policy used in this lesson, see Lesson 10 Sample: Basic menus.

Sample policy files

Electronic copies of the policy file samples used in each lesson are located in the /opt/quest/qpm4u/examples directory and they are reproduced for you in this section.

Main policy configuration file

##########################################################################
# Privilege Manager for Unix example configuration file
# One Identity 2013
# Example File : pm.conf
#
# Establish which Lesson has been selected and include the appropriate file
# accordingly
##########################################################################
PMINST=getenv("INSTBASE","/opt/quest/qpm4u");
PMLESSON=atoi(getenv("LESSON","1"));
EXAMPLEDIR=PMINST + "/examples";
if (PMLESSON<1 || PMLESSON>11)
   { printf("Invalid lesson %i selected, resetting to Lesson 1\n",PMLESSON);
      PMLESSON=1;
   }
system("clear");
printf("Lesson %i is selected\n",PMLESSON);
# The lessons take a user from the environment so that
# none of the scripts require modification before use
# this is taken from the environment variable LESSON_USER
# Make sure that you have set this a valid user which will
# be used for the purposes of this series of lessons.
PMLESSON_USER=getenv("LESSON_USER","demo");
if (PMLESSON_USER=="")
   { print("No user has been specified, user 'demo' will be assumed\n");
   }
if (user!=PMLESSON_USER)
   { print("------------------------ WARNING ---------------------------");
     printf("Your currently logged in as %s\n",user);
     printf("Your selected user for the lessons is %s\n",PMLESSON_USER);
     printf("This may not be what you intended, try 'su %s'\n",PMLESSON_USER);
     print("-----------------------------------------------------------\n");
   }
PML=sprintf("%i",PMLESSON);
switch (PML)
   {
      case "1":
         { include EXAMPLEDIR + "/example1.conf";
           break;
         }
      case "2":
         { include EXAMPLEDIR + "/example2.conf";
           break;
         }
      case "3":
         { include EXAMPLEDIR + "/example3.conf";
           break;
         }
      case "4":
         { include EXAMPLEDIR + "/example4.conf";
           break;
         }
      case "5":
         { include EXAMPLEDIR + "/example5.conf";
           break;
         }
      case "6":
         { include EXAMPLEDIR + "/example6.conf";
           break;
         }
      case "7":
         { include EXAMPLEDIR + "/example7.conf";
           break;
         }
      case "8":
         { include EXAMPLEDIR + "/example8.conf";
           break;
         }
      case "9":
         { include EXAMPLEDIR + "/example9.conf";
           break;
         }
      case "10":
         { include EXAMPLEDIR + "/example10.conf";
           break;
         }
}

reject;

For details on installing the example policy file, see Install the example policy file.

Lesson 1 Sample: Basic policy

#=================================================================
# Privilege Manager for Unix example configuration file
# One Identity 2013
#
# Example File : example1
#
# This file to have permissions of 600 (rw-------), and be owned by
# root.
#=================================================================
#=================================================================
print("-------------LESSON 1 DESCRIPTION---------------------------");
printf("Policy file %s/examples/example1.conf\n",PMINST);
print("-----------------------------------------------------------");
printf("This basic lesson uses a policy allowing users %s and
dan\n",PMLESSON_USER);
print("the rights to run any command as root.\n");
print("For example, to test this enter the command pmrun whoami");
print("which will return the value root as the logged in user.");
print("-----------------------------------------------------------");
i=0;
while (i<argc)
   { printf("%s ",argv[i]); # Redisplay the original command line for clarity
      i=i+1;
   }
printf("\n");
if (user=="dan" || user==PMLESSON_USER) {
   runuser="root";
   accept;
}
#=================================================================

For details on using this sample policy file, see Lesson 1: Basic policy.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating