Type integer READONLY
year contains the year in which the request was submitted in the format YY.
if ( (year == "08") || (year == "12") )
{
if ( (month == "01") && (day == "29") )
{
printf("This year is a leap year, something has gone wrong");
reject;
}
}The following predefined global variables are initialized from the submit user's environment.
| Variable | Data Type | Description |
|---|---|---|
| alertkeyaction | string | Action to be taken when alertkeysequence is matched. |
| alertkeysequence | list | List of patterns to match in a session. |
| disable_exec | integer | Specifies whether to prevent the runcommand process from executing new processes. |
| eventlog | string | Pathname of the audit log. |
| eventloghost | string | Host name list for remote event logging. |
| execfailedmsg | string | Message to display if runcommand cannot run. |
| iolog | string | Pathname of the keystroke log. |
| iolog_encrypt | integer | Specifies whether to encrypt the keystroke log. |
| iolog_errmax | integer | Max bytes to log for a stderr message. |
| iolog_opmax | integer | Max chars to log for a stdout message. |
| iologhost | string | Host name list for remote keystroke logging. |
| log_passwords | integer | Specifies whether to exclude passwords from the keystroke log. |
| logomit | list | Variables to omit from the audit and keystroke logs. |
| logstderr | integer | Specifies whether to keystroke log stderr messages. |
| logstdin | integer | Specifies whether to keystroke log stdin messages. |
| logstdout | integer | Specifies whether to keystroke log stdout messages. |
| notfoundmsg | string | Message to display if the runcommand is not found on the run host. |
| passprompts | list | Detects presence of password prompts. |
| pmshell_allow | list | Commands to allow in a Privilege Manager shell without further authorization. |
| pmshell_allowpipe | list | Commands to allow in a Privilege Manager shell without further authorization if input is from a pipe. |
| pmshell_checkbuiltins | integer | Specifies whether to authorize shell built-in commands in a Privilege Manager shell. |
| pmshell_forbid | list | Commands to forbid in a Privilege Manager shell without further authorization. |
| pmshell_readonly | list | Variables to mark as read-only in a Privilege Manager shell. |
| pmshell_reject | string | Reject message to display when a forbidden command runs in a Privilege Manager shell. |
| pmshell_restricted | integer | Specifies whether to run a Privilege Manager shell in restricted mode. |
| preserve_clienthost | integer | Specifies whether to use the originating login host name in preference to the submit host. |
| profile_keepenv | list | A list of values specified by the keepenv() call. |
| profile_setenv | list | A list of values specified by the setenv() call. |
| profile_unsetenv | list | A list of values specified by the unsetenv() call. |
| profile_use_runuser | string | Specifies whether to use the runuser’s environment rather than the submit user’s environment |
| rejectmsg | string | Message to display when a session is rejected. |
| runargv | list | List of arguments for the request. |
| runchroot | string | Requests the command to run with a specified root directory. |
| runcksum | string | Identifies a checksum to use to verify against the runcommand. |
| runclienthost | string | A modifiable copy of the clienhost input variable. |
| runcommand | string | Full pathname of the request. |
| runconfirmuser | string | Specifies whether the agent should request the runuser to authenticate before executing the runcommand. |
| runcwd | string | Working directory to set for the request. |
| runenv | list | List of environment variables to set for the request. |
| rungroup | string | Primary group to set for the request. |
| rungroups | list | List of secondary groups to set for the request. |
| runhost | string | Host on which to run the request. |
| runnice | integer | Nice value to apply for the request. |
| runpaths | list | A list of permitted paths for commands. |
| runptyflags | string | Pty flags to apply for the request. |
| runtimeout | integer | Specifies the number of seconds of idle time before ending the session. |
| runumask | integer | Umask value to apply for the request. |
| runuser | string | User to run the request. |
| runutmpuser | string | Utmp user to use when logging to utmp. |
| subprocuser | string | User name to run subprocesses of the policy server master daemon. |
| tmplogdir | integer | Directory used for temporary storage of I/O log files if a remote log host is specified in iologhost. |
Type string READ/WRITE
alertkeyaction contains the action to be taken if a command matches a pattern configured in alertkeysequence. The alertkeyaction can be defined as "reject", "log" or any custom string. The default value is "log".
switch (user) {
case "root" : alertkeyaction = "ignore"; break;
default : alertkeyaction = "log"; break;
}Type list READ/WRITE
alertkeysequence contains a list of regular expressions, against which pmlocald checks the standard input commands entered by the user during a session. If a match is found, then an alert is raised in the event log.
Switch (user) {
case "root": alertkeysequence={"passwd"};
alertkeyaction="log";
break;
default : alertkeysequence={"passwd", "shutdown"};
alertkeyaction="reject";
break;
}© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy