The following predefined global variables are initialized from the submit-user’s environment.
| Variable | Data type | Description |
|---|---|---|
| alertkeymatch | sting | The pattern matched by pmlocald. |
| argc | integer | Number of arguments in the request. |
| argv | list | List of arguments in the request. |
| client_parent_pid | integer | Process ID of the client's parent process. |
| client_parent_uid | integer | User ID associated with the client's parent process. |
| client_parent_procname | string | Process name of a client's parent process. |
| clienthost | string | Originating login host. |
| command | string | Pathname of the request. |
| cwd | string | Current working directory. |
| date | string | Current date. |
| day | integer | Current day of month as integer. |
| dayname | string | Current day of the week. |
| domainname | string | The Active Directory domain name for the submit user if Authentication Services is configured. |
| env | list | List of submit user’s environment variables. |
| false | integer | Constant value. |
| FEATURE_LDAP | integer | Read-only constant used with feature_enabled() function. |
| FEATURE_VAS | integer | Read-only constant used with feature_enabled() function. |
| gid | integer | Group ID of the submitting user’s primary group on sudo host. |
| group | string | Submit user’s primary group. |
| groups | list | Submit user’s secondary groups. |
| host | string | Host destined to run the request. |
| hour | integer | Current hour. |
| masterhost | sting | Host on which the master process is running. |
| masterversion | string | Privilege Manager version of masterhost. |
| minute | integer | Current minute. |
| month | integer | Current month. |
| nice | integer | nice value of the submit user’s login. |
| nodename | string |
Hostname of pmrun agent. |
| pid | integer | Process ID of the master process. |
| pmclient_type | integer | The type of client that sent the request. |
| pmclient_type_pmrun | integer | Read-only constant for pmrun type clients. |
| pmclient_type_sudo | integer | Read-only constant for sudo type clients. |
| pmshell | integer | Identifies a Privilege Manager shell program. |
| pmshell_builtin | integer | A constant value that identifies a shell builtin command. |
| pmshell_cmd | integer | Identifies a command run from a Privilege Manager shell program. |
| pmshell_cmdtype | integer | Identifies type of a shell subcommand. |
| pmshell_exe | integer | A constant value that identifies a normal executable command. |
| pmshell_interpreter | integer | Identifies the program directive of a shell script. |
| pmshell_prog | string | Name of the Privilege Manager shell program. |
| pmshell_script | integer | A constant value that identifies a shell script. |
| pmshell_uniqueid | string | uniqueid of the Privilege Manager shell program. |
| pmversion | string | Privilege Manager version string of client. |
| ptyflags | string | Identifies ptyflags of the request. |
| requestlocal | integer | Indicates if the request is local. |
| requestuser | string | User that the submit user wants to run the request. |
| samaccount | string | The sAMAccountName for the submit user if Authentication Services is configured. |
| status | integer | Exit status of the most recent system command. |
| submithost | string | Name of the submit host. |
| submithostip | string | IP address of the submit host. |
| thishost | string | The value of the thishost setting in pm.settings on the client. |
| time | string | Current time of request. |
| true | integer | Read-only constant with a value of 1. |
| ttyname | string | ttyname of the submit request. |
|
string |
Name of the time zone on the server at the time the event was read from the event log by pmlog. | |
| uid | integer | User ID of the submitting user on host. |
| umask | integer | umask of the submit user. |
| unameclient | list | Uname output on host. |
| uniqueid | string | Uniquely identifies a request in the event log. |
| use_rundir | string | Contains the value "!~!" and represents the runuser’s home directory on the runhost. |
| use_rungroup | string | Contains the value "!g!" and represents the runuser’s primary group on the runhost. |
| use_rungroups | string | Contains the value "!G!" and represents the runuser’s secondary group list on the runhost. |
| use_runshell | string | Contains the value "!!!" and represents the runuser’s login shell on the runhost. |
| user | string | Submit user. |
| year | integer | Year of the request (YY). |
Type string READONLY
alertkeymatch contains the pattern matched by pmlocald. This variable is not available for use in the policy file, it is only available in the event log. To view the event log, use the pmlog -l command.
#view all alerts recorded in the audit log that match the pattern "passwd" pmlog –l -c 'alertkeymatch == "passwd"'
Type integer READONLY
argc contains the number of arguments supplied for the original command. This includes the command name itself.
# if any arguments are passed to a vi editor program, like vi
# then verify the path is not in a list of forbidden directories
if ((basename(command) in vi_program_list) && (argc > 1))
{
count=0;
while (count < length(forbid_dir_list))
{
if (glob(forbid_dir_list[count], dirname(argv[1])))
{
reject "You are not allowed to edit a file in this directory";
}
count=count+1;
}
}Type list READONLY
argv is a list of the arguments supplied for the original command, including the command itself.
# if any arguments are passed to an editor program, like vi
# then verify the path is not in a list of forbidden directories
if ((basename(command) in vi_program_list) && (argc > 1))
{
count=0;
while (count < length(forbid_dir_list))
{
if (glob(forbid_dir_list[count], dirname(argv[1])))
{
reject "You are not allowed to edit a file in this directory";
}
count=count+1;
}
}© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy