Chat now with support
Chat with Support

Privilege Manager for Unix 6.1.1 - Administration Guide for Unix

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

pmvi

Syntax
pmvi /<full_path_name>
Description

The pmvi editor is a special version of vi that you can use securely with Privilege Manager programs. You must specify a full path name as an argument when starting pmvi. Also, you will not be able to access any files other than the ones you specified at startup time nor spawn any processes.

Use pmvi to allow users to access a specific file as root but no other root functions.

Installation Packages

Privilege Manager is comprised of the following packages:

  • Privilege Manager for Unix product

    Contains the Privilege Manager Policy Server and PM Agent components and uses the native packaging system for each platform (RPM, PKG, etc).

  • Privilege Manager for Sudo product

    Contains the Privilege Manager Policy Server and Sudo Plugin components and uses the native packaging system for each platform (RPM, PKG, etc).

  • Preflight Binary

    This is a stand-alone native binary for each platform (not zipped, tarred or packaged). This binary exists stand-alone on the ISO to make it available for use prior to installing software. It does not change any Privilege Manager configuration on the host.

For more information, see Downloading Privilege Manager for Unix software packages.

Package locations

Privilege Manager is provided in native platform install packages, which include binary files, online man pages, installation files, and configuration file examples.

The install packages are located in the zip archive in two directories called:

  • /server
  • /agent
  • /sudo_plugin

where <platform> is the name of the platform on which you are running Privilege Manager.

There are three different packages:

  • qpm-agent package, which contains only the client (pmrun) and agent (pmlocald) components for Privilege Manager for Unix.
  • qpm-server package, which contains the server (pmmasterd), the client (pmrun) and agent (pmlocald), and the Sudo Plugin (qpm4u_plugin.so) components for Privilege Manager.
  • qpm-plugin package, which contains the offline policy cache server (pmmasterd), the Sudo Plugin (qpm4u_plugin.so) components for Privilege Manager

The Solaris server and agent packages have filenames that start with QSFTpmsrv and QSFTpmagt, respectively.

Once installed, the packaged files are placed in an installation directory under /opt/quest which contains subdirectories and files.

The platform directories contain the Privilege Manager installer packages for each platform supported by Privilege Manager.

Table 91: Privilege Manager kit directories
Platform Architecture
aix52-rs6k IBM®AIX 5.3, 6.1

aix71-rs6k

IBM®AIX 7.1, 7.2

freebsd-x86_64

FreeBSD on x86 64-bit architecture

hpux-hppa11 HP-UX 11.31 PA-RISC architecture
hpux11-ia64 HP-UX 11.31 Itanium architecture

linux-aarch64

Linux on ARM 64-bit architecture

linux-ia64

Linux on Itanium architecture

linux-intel Linux x86
linux-ppc64 Linux on ppc little endian 64-bit architecture

linux-ppc64le

Linux on ppc little endian 64-bit architecture

linux-s390 Linux s390
linux-x86_64 Linux on x86 64-bit architecture

macos-x86_64

macOS on x86 64-bit architecture

Solaris-intel Solaris Intel architecture
SolarisSPARC® architecture

Installed files and directories

The following table lists files and directories installed on your system.

Table 92: Installed files and directories
Directories and files Description Created by
/opt/quest/qpm4u Install directory containing readme, default trial license file, examples directory, templates, etc. INSTALL
/etc/opt/quest/qpm4u/pm.settings Configuration file for Privilege Manager component communications. CONFIG
/etc/opt/quest/qpm4u/policy/pm.conf Default production policy file when using the pmpolicy policy type. CONFIG
/etc/opt/quest/qpm4u/policies Default production policy framework directory when using the pmpolicy type. CONFIG
/etc/opt/quest/qpm4u/policies/sudoers Default production policy file for the sudo policy type. CONFIG
/opt/quest/bin

Install directory containing the binaries for user programs, such as pmrun, pmksh and pmvi.

These user programs only apply to Privilege Manager for Unix.

CONFIG
/opt/quest/sbin Install directory containing the binaries for admin programs, such as pmlog and pmreplay. INSTALL
/opt/quest/lib Install directory for shared libraries INSTALL
/opt/quest/libexec Install directory for dynamically loaded objects. INSTALL
/opt/quest/man This directory contains all the man pages for Privilege Manager daemons and programs. INSTALL
/opt/quest/qpm4u/examples

This directory contains useful programs, scripts, or examples which show how to use Privilege Manager for Unix. It also contains a sample configuration file which you can use as a template for implementing your own policies.

These scripts and examples only apply to Privilege Manager for Unix.

INSTALL
/opt/quest/qpm4u/license This file contains the license information (policy server only). For information about updating license information, see pmlicense. INSTALL
/opt/quest/qpm4u/qpm4u_eula.txt This file contains the End User License Agreement for the Privilege Manager product. INSTALL
/opt/quest/qpm4u/README. <architecture> This file contains the latest information about your version of Privilege Manager. INSTALL
/var/opt/quest/qpm4u/iolog This directory contains the keystroke logs. EVENTDATA
EVENTDATA

Related Documents