Electronic copies of the policy file samples used in each lesson are located in the /opt/quest/qpm4u/examples directory and they are reproduced for you in this section.
Electronic copies of the policy file samples used in each lesson are located in the /opt/quest/qpm4u/examples directory and they are reproduced for you in this section.
########################################################################## # Privilege Manager for Unix example configuration file # One Identity 2013 # Example File : pm.conf # # Establish which Lesson has been selected and include the appropriate file # accordingly ########################################################################## PMINST=getenv("INSTBASE","/opt/quest/qpm4u"); PMLESSON=atoi(getenv("LESSON","1")); EXAMPLEDIR=PMINST + "/examples"; if (PMLESSON<1 || PMLESSON>11) { printf("Invalid lesson %i selected, resetting to Lesson 1\n",PMLESSON); PMLESSON=1; } system("clear"); printf("Lesson %i is selected\n",PMLESSON); # The lessons take a user from the environment so that # none of the scripts require modification before use # this is taken from the environment variable LESSON_USER # Make sure that you have set this a valid user which will # be used for the purposes of this series of lessons. PMLESSON_USER=getenv("LESSON_USER","demo"); if (PMLESSON_USER=="") { print("No user has been specified, user 'demo' will be assumed\n"); } if (user!=PMLESSON_USER) { print("------------------------ WARNING ---------------------------"); printf("Your currently logged in as %s\n",user); printf("Your selected user for the lessons is %s\n",PMLESSON_USER); printf("This may not be what you intended, try 'su %s'\n",PMLESSON_USER); print("-----------------------------------------------------------\n"); } PML=sprintf("%i",PMLESSON); switch (PML) { case "1": { include EXAMPLEDIR + "/example1.conf"; break; } case "2": { include EXAMPLEDIR + "/example2.conf"; break; } case "3": { include EXAMPLEDIR + "/example3.conf"; break; } case "4": { include EXAMPLEDIR + "/example4.conf"; break; } case "5": { include EXAMPLEDIR + "/example5.conf"; break; } case "6": { include EXAMPLEDIR + "/example6.conf"; break; } case "7": { include EXAMPLEDIR + "/example7.conf"; break; } case "8": { include EXAMPLEDIR + "/example8.conf"; break; } case "9": { include EXAMPLEDIR + "/example9.conf"; break; } case "10": { include EXAMPLEDIR + "/example10.conf"; break; } } reject;
See Install the example policy file for details on installing the example policy file.
#================================================================= # Privilege Manager for Unix example configuration file # One Identity 2013 # # Example File : example1 # # This file to have permissions of 600 (rw-------), and be owned by # root. #================================================================= #================================================================= print("-------------LESSON 1 DESCRIPTION---------------------------"); printf("Policy file %s/examples/example1.conf\n",PMINST); print("-----------------------------------------------------------"); printf("This basic lesson uses a policy allowing users %s and dan\n",PMLESSON_USER); print("the rights to run any command as root.\n"); print("For example, to test this enter the command pmrun whoami"); print("which will return the value root as the logged in user."); print("-----------------------------------------------------------"); i=0; while (i<argc) { printf("%s ",argv[i]); # Redisplay the original command line for clarity i=i+1; } printf("\n"); if (user=="dan" || user==PMLESSON_USER) { runuser="root"; accept; } #=================================================================
See Lesson 1: Basic policy for details on using this sample policy file.
#================================================================= # Privilege Manager for Unix example configuration file # One Identity 2013 # # Example File : example2 # # This file should have permissions of 600 # (rw-------). # It must be owned by root. #================================================================= print("--------------- LESSON 2 DESCRIPTION ------------------"); printf("Policy file %s/examples/example2.conf\n",PMINST); print("--------------------------------------------------------"); printf("This policy rejects attempts to run commands outside of normal\n"); printf("office hours for users %s and dan.\n",PMLESSON_USER); print("Otherwise all commands will be run as root.\n"); print("Try running a few different programs like date, hostname"); print("and even your favourite shell (csh, bash, ksh)"); print("Try these with the time/date set both in and outside office hours"); print("Remember to prefix them with pmrun"); print("--------------------------------------------------------"); i=0; while (i<argc) { printf("%s ",argv[i]); # Redisplay the original command line for clarity i=i+1; } printf("\n"); #================================================================= if (user=="dan" || user==PMLESSON_USER) { # Explicitly disallow commands run outside of regular office hours if(dayname=="Sat" || dayname=="Sun" || !timebetween(800,1700)) reject; runuser = "root"; accept; } #=================================================================
See Lesson 2: Conditional privilege for details on using this sample policy file.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center