Type string READONLY
use_rungroup is a read-only variable containing the value "!g!". Use it as a placeholder in the context of any runtime variable to represent the runuser's primary group on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's primary groupname on the runhost.
allowedrequestusers={"root", "admin", "oradmin"}; //if requestuser is in allowed list, set runuser to requestuser and set groups to match runuser's primary group only, //and change directory to runuser's home dir if (requestuser in allowedrequestusers) { runuser=requestuser; rungroup=use_rungroup; rungroups= {use_rungroup}; runcwd = use_rundir; accept; }
Type sting READONLY
use_rungroups is a read-only variable containing the value "!G!". Use it as a placeholder in the context of any runtime variable to represent the runuser's group list on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's group list on the runhost.
allowedrequestusers={"root", "admin", "oradmin"}; //if requestuser is in allowed list, set runuser to requestuser and set groups to match those on the runhost, adding any //other run groups required, and change directory to runuser's home dir if (requestuser in allowedrequestusers) { runuser=requestuser; rungroup=use_rungroup; rungroups= {use_rungroups, "oraclegroup"}; runcwd = use_rundir; accept; }
Type string READONLY
use_runshell is a read-only variable containing the value "!!!". Use it as a placeholder in the context of any runtime variable to represent the runuser's login shell on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's login shell on the runhost.
allowedrequestusers={"root", "admin", "oradmin"}; allowedscripts={"appscript1"}; //Run a script as the runuser's login shell. //If requestuser is in allowed list, set runuser to requestuser, set //environment to match runuser's environement, add some necessary //environment vars for this script, and run the script as the runuser's shell. if ((runcommand in allowedscripts) && (requestuser in allowedrequestusers)) { runuser=requestuser; rungroup=use_rungroup; rungroups= {use_rungroups, "appgroup"}; runcwd = use_rundir; //use the runuser's environment profile_use_runuser=true; //add an application environment var to runuser's env, based on runuser's //home dir str=sprintf("%s/appdir", use_rundir); setenv("APP_LOCAL_DIR", str); //Set the runcommand to use the runuser's shell to run the script runcommand = use_runshell; runargv=replace(runargv, 1, length(runargv)); runargv[0]=use_runshell; runargv=append(runargv, "-c"); runargv=append(runargv, "/appdir/appscript"); accept; }
Type string READONLY
user containts the submit user's login name.
If ( (user == "matt") && (command == "passwd") ) { printf("matt is not allowed to alter passwords"); reject; }
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy