Type integer READONLY
Read-only constant for sudo type clients. You can compare pmclient_type_sudo to pmclient_type to determine if the request was sent from a Sudo Plugin client.
# reject if pmclient_type is "sudo" if (pmclient_type == pmclient_type_sudo) { reject; } else if (pmclient_type == pmclient_type_pmrun) { ok = true; }
Type integer READONLY
pmshell initializes to true if a Privilege Manager shell program (such as pmksh, pmsh, pmcsh, pmloginshell, and pmbash) is running; otherwise, the variable is undefined.
if (defined pmshell) { printf ("Now running: %s\n", pmshell_prog); pmshell_restricted = 1; pmshell_checkbuiltins = 1; pmshell_reject = "You are not allowed to run this command"; pmshell_allow = {"ls","grep","cat"}; pmshell_forbid = append(pmshell_forbid, "passwd"); pmshell_forbid = append(pmshell_forbid, "kill"); } else { printf("Not running a command within %s\n", pmshell_prog); accept; }
Type integer READONLY
pmshell_builtin is a constant value that identifies a shell builtin command. Use it to compare with the value of the pmshell_cmdtype variable.
if (defined pmshell_cmd){ if ((user in safe_shell_list) && (pmshell_cmdtype == pmshell_builtin)) { #allow all built-ins for selected users accept; } }
Type integer READONLY
pmshell_cmd is only defined if the command is a Privilege Manager shell program (in which case it is set to false) or the command is a shell subcommand running from a Privilege Manager shell program (in which case it is set to true).
This variable is only applicable to the pmsh, pmksh, pmcsh, and pmbash programs.
if (defined pmshell_cmd){ if (user !in safe_shell_list) { #check builtins pmshell_checkbuiltins=true; } }
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy