Chat now with support
Chat with Support

Privilege Manager for Unix 7.0 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Advanced lessons

The remaining lessons are theoretical discussions covering the changes to scripts and leave the reader to consider modification and experimentation as exercises.

These lessons are not designed to be interactive. However, if you work through the sample policies, making changes, and trying out the policy files in the same way you did for Lesson 1 through 7, you will extend your understanding of the process, approach, and style required to create policies.

The advanced lessons are:

Lesson 8: Controlling the execution environment

This policy file introduces a number of environmental controls that give you greater flexibility and control over the command and user execution environment.

if (cwd != "/usr" && !glob("/usr/*", cwd)) 
   runcwd = "/tmp";

The first uses the runcwd variable which gives you the ability to examine and override the working directory in which the requested command runs. In this example, you allow commands to be run from /usr and its subdirectories, but you run all other commands from /tmp.

if (argc > 2) 
   runargv = range(argv, 0, 2);

You can also control the number of arguments specified on the requested command line. You can examine the number of arguments together with the value of each argument, as well as remove, modify, or supplement them with additional arguments not previously present on the original command line.

runuser = "root"; 
rungroup = "bin"; 
if (command != "hostname") 
   runhost = submithost;

You can also examine the rungroup and the host on which the command is destined to run and override them.

keepenv("TERM", "DISPLAY", "HOME", "TZ", "PWD", "WINDOWID", "COLUMNS", "LINES"); 
setenv("PATH", 
"/usr/ucb:/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:" + 
"/usr/X11/bin:/usr/etc:/etc:/usr/local/etc:/usr/sbin");

Control of the run environment is vitally important as you can use environment variables to exploit security vulnerabilities in some UNIX programs, so one aspect of the policy can be to cleanse the execution environment to make sure there is nothing which could be considered unsafe. A common requirement within policy files is to ensure that the PATH is cleansed, removing any user appended paths which may be higher up the search path, where a user-created script may be lurking.

runumask = 022; 
runnice = -4;

You can control many other aspects of the execution environment including the nice value and umask.

Refer to Lesson 8 Sample: Controlling the execution environment to see the sample policy used in this lesson.

Lesson 9: Flow control

This lesson introduces you to another execution control construct using switch(), case, and break statements which allow you control which parts of the script are to run.

adminprogs = {"ls", "hostname", "kill", "csh", "ksh", "echo"};

if (command in adminprogs) {
   switch (dayname) {
      case "Mon":
      case "Wed":
      case "Fri":
         adminusers = {"dan", "robyn"};
         break;
      case "Tue":
      case "Thu":
         adminusers = {"robyn", "cory"};
         break;
      default:
         adminusers = {};
   }
   if (user in adminusers) {
      runuser = "root";
      accept;
   }
}

In this example, you use the switch and case statements to control which users are considered to be admin users on any given day of the week. Execution commences when the first case statement matches the condition. It proceeds until it encounters the end of the switch statement or reaches a break statement.

Refer to Lesson 9 Sample: Flow control to see the sample policy used in this lesson.

Lesson 10: Basic menus

This final lesson demonstrates the use of a rudimentary menu system which you can present to the user when he enters the adminmenu command.

if(command=="adminmenu") {
   print("========= Admin Menu =========");
   print("1) Add users");
   print("2) Start a backup");
   print("3) Change ownership of a file");
   print("4) Fix line printer queues");
   choice = input("Please choose one: ");

   switch(choice) {
      case "1":
         if(!getstringpasswd("m9xxg7B4.v8Ck", "Type in the adduser
   password: ", 2))
            reject;
         runcommand = "/usr/local/bin/adduser";
         runuser = "root";
         break;
      case "2":
         runcommand = "/usr/local/bin/dobackup";
         runuser = "backup";
         break;
      case "3":
         runcommand = "/usr/bin/chown";
         runuser = "root";
         break;
      case "4":
         runcommand = "/usr/lib/lpadmin";
         runuser = "root";
         break;
      default:
         printf("\"%s\" was not a valid choice. Sorry.\n", choice);
         reject;
   }
   
   if (choice == "3") {
      file_name=input("Please enter the new owner's name then file name: ");
      arguments = split(file_name);
      runargv = insert(arguments, 0, "Spacer");
   }
   print("** Command to be run :", runcommand);
   print("** User to run command as :", runuser);
   accept;
}

This example shows how to gather input from the user, check the value of a literal hard-coded password, and manipulate command line arguments. It is purely illustrative of the scope and scale of what you can achieve from within a policy file, although there is much more that has not been covered in this lesson.

Refer to Lesson 10 Sample: Basic menus to see the sample policy used in this lesson.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating