Chat now with support
Chat with Support

Please note, you may experience access issues between 6am - 7am Eastern time on Saturday, May 28 2022 due to planned maintenance

Privilege Manager for Unix 6.1 Common Documents - Administration Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages


pmsysid [-i] | -v

The pmsysid command displays the Privilege Manager system ID.


pmsysid has the following options.

Table 88: Options: pmsysid
Option Description
-i Shows the system host name and IP address.
-v Displays the Privilege Manager version and exits.


pmtunneld [ [-v] | [-z on|off[:<pid>]] | [[-e <logfile>] [-s] ] ]

The pmtunneld command acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall.

Communication sent from pmlocald is transmitted using port number 12347, by default, and received by pmtunneld. pmtunneld then transmits the data to pmrun. See Configuring pmtunneld for details.


pmtunneld has the following options.

Table 89: Options: pmtunneld
Option Description

-e <logfile>

Logs any tunnel proxy daemon errors in the file specified.


Sends any tunnel proxy daemon errors to syslog.


Displays the version number of Privilege Manager and exits.


Enables or disables tracing for this program and optionally for a currently running process.

Refer to Enabling program-level tracing before using this option.


pmumacs /<full_path_name>

The pmumacs text editor is a special version of microemacs that you can use securely with Privilege Manager programs; it is similar to the umacs editor. umacs is a small version of emacs with gosling-style emacs key bindings. You must specify a full path name as an argument when starting pmumacs. Also, you will not be able to access any files other than the ones you specified at startup time nor spawn any processes.

Use pmumacs to allow users to access a specific file as root but no other root functions.


pmverifyprofilepolicy [-v | [-c][-z on|off[:<pid>]]] [-f <filename>] 
                      [-p <policydir>]

Use pmverifyprofilepolicy to verify the syntax and structure of the policy file and check whether a particular command will be accepted or rejected. The policy is assumed to match the format of the default profile policy; if it is not in the expected format, then it displays an error for each file that is missing or is not in the correct format.


pmverifyprofilepolicy has the following options.

Table 90: Options: pmverifyprofilepolicy
Option Description

Displays output in csv, rather than human-readable, format.

The following line displays for each syntax error encountered:


The overall result displays in the following format:


where result can be: 0:success or -1:fail

For each file expected to contain data only, it prints the following line to stdout for each statement found in the file that is not a comment or variable assignment:


For each file expected to be unchanged, it prints the following line to stdout:


-f <filename> Provides an alternative policy filename to check. If not fully qualified, this path is interpreted as relative to the policydir, rather than to the current directory.
-p <policydir> Forces pmverifyprofilepolicy to search for a different policy directory for include files identified by relative path. The default location is the policydir setting in pm.setting.
-v Prints the Privilege Manager version and exits.

Enables or disables debug tracing, and optionally sends SIGHUP to running process.

Refer to Enabling program-level tracing before using this option.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating