Type integer READONLY
year contains the year in which the request was submitted in the format YY.
if ( (year == "08") || (year == "12") ) { if ( (month == "01") && (day == "29") ) { printf("This year is a leap year, something has gone wrong"); reject; } }
The following predefined global variables are initialized from the submit user's environment.
Variable | Data Type | Description |
---|---|---|
alertkeyaction | string | Action to be taken when alertkeysequence is matched. |
alertkeysequence | list | List of patterns to match in a session. |
disable_exec | integer | Specifies whether to prevent the runcommand process from executing new processes. |
eventlog | string | Pathname of the audit log. |
eventloghost | string | Host name list for remote event logging. |
execfailedmsg | string | Message to display if runcommand cannot run. |
iolog | string | Pathname of the keystroke log. |
iolog_encrypt | integer | Specifies whether to encrypt the keystroke log. |
iolog_errmax | integer | Max bytes to log for a stderr message. |
iolog_opmax | integer | Max chars to log for a stdout message. |
iologhost | string | Host name list for remote keystroke logging. |
log_passwords | integer | Specifies whether to exclude passwords from the keystroke log. |
logomit | list | Variables to omit from the audit and keystroke logs. |
logstderr | integer | Specifies whether to keystroke log stderr messages. |
logstdin | integer | Specifies whether to keystroke log stdin messages. |
logstdout | integer | Specifies whether to keystroke log stdout messages. |
notfoundmsg | string | Message to display if the runcommand is not found on the run host. |
passprompts | list | Detects presence of password prompts. |
pmshell_allow | list | Commands to allow in a Privilege Manager shell without further authorization. |
pmshell_allowpipe | list | Commands to allow in a Privilege Manager shell without further authorization if input is from a pipe. |
pmshell_checkbuiltins | integer | Specifies whether to authorize shell built-in commands in a Privilege Manager shell. |
pmshell_forbid | list | Commands to forbid in a Privilege Manager shell without further authorization. |
pmshell_readonly | list | Variables to mark as read-only in a Privilege Manager shell. |
pmshell_reject | string | Reject message to display when a forbidden command runs in a Privilege Manager shell. |
pmshell_restricted | integer | Specifies whether to run a Privilege Manager shell in restricted mode. |
preserve_clienthost | integer | Specifies whether to use the originating login host name in preference to the submit host. |
profile_keepenv | list | A list of values specified by the keepenv() call. |
profile_setenv | list | A list of values specified by the setenv() call. |
profile_unsetenv | list | A list of values specified by the unsetenv() call. |
profile_use_runuser | string | Specifies whether to use the runuser’s environment rather than the submit user’s environment |
rejectmsg | string | Message to display when a session is rejected. |
runargv | list | List of arguments for the request. |
runchroot | string | Requests the command to run with a specified root directory. |
runcksum | string | Identifies a checksum to use to verify against the runcommand. |
runclienthost | string | A modifiable copy of the clienhost input variable. |
runcommand | string | Full pathname of the request. |
runconfirmuser | string | Specifies whether the agent should request the runuser to authenticate before executing the runcommand. |
runcwd | string | Working directory to set for the request. |
runenv | list | List of environment variables to set for the request. |
rungroup | string | Primary group to set for the request. |
rungroups | list | List of secondary groups to set for the request. |
runhost | string | Host on which to run the request. |
runnice | integer | Nice value to apply for the request. |
runpaths | list | A list of permitted paths for commands. |
runptyflags | string | Pty flags to apply for the request. |
runtimeout | integer | Specifies the number of seconds of idle time before ending the session. |
runumask | integer | Umask value to apply for the request. |
runuser | string | User to run the request. |
runutmpuser | string | Utmp user to use when logging to utmp. |
subprocuser | string | User name to run subprocesses of the policy server master daemon. |
tmplogdir | integer | Directory used for temporary storage of I/O log files if a remote log host is specified in iologhost. |
Type string READ/WRITE
alertkeyaction contains the action to be taken if a command matches a pattern configured in alertkeysequence. The alertkeyaction can be defined as "reject", "log" or any custom string. The default value is "log".
switch (user) { case "root" : alertkeyaction = "ignore"; break; default : alertkeyaction = "log"; break; }
Type list READ/WRITE
alertkeysequence contains a list of regular expressions, against which pmlocald checks the standard input commands entered by the user during a session. If a match is found, then an alert is raised in the event log.
Switch (user) { case "root": alertkeysequence={"passwd"}; alertkeyaction="log"; break; default : alertkeysequence={"passwd", "shutdown"}; alertkeyaction="reject"; break; }
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy