
Privilege Manager for Unix 7.3 - Administration Guide


Mail

You may use the configuration file to send mail messages when certain actions occur. The following fragment sends mail to root whenever the adduser program runs:

if(command=="adduser") { 
   system("mail root", 
      "pm: adduser was run as root by " + user + "\n"); 
}

Environmental variables

You can use environment variables to turn on or off special features of Privilege Manager for Unix configuration files. In the following example, the list of Privilege Manager for Unix variables is printed to the user's screen if the DEBUG environment variable is set to "yes". This is useful when debugging a configuration file. Simply set the DEBUG variable to "yes" in your shell, then run pmrun. Privilege Manager for Unix notices the DEBUG variable, and calls the printvars function.

if(getenv("DEBUG")=="yes") 
   printvars();

NIS netgroups

If you have a large site where you add and remove hosts frequently, you may already be using netgroups to associate a group name with a set of hosts. The Privilege Manager for Unix innetgroup function checks whether a named host is a member of a named netgroup.

For example, you can reject requests originating from any machine that is not in the netgroup myhosts as follows:

if(!innetgroup("myhosts", host)) 
   reject;

Specify trusted hosts

You can reject all requests that do not originate from your domain, so that only the hosts you trust can issue requests, by using the following:

if(submithost !in {"*.quest.com"}) 
   reject;
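
Before deploying a trusted-host rule like the one above, it helps to dry-run the pattern list against a host inventory and see which names would be rejected. The following Python sketch is an added example, not part of the product or its documentation. It assumes the list match behaves like a case-sensitive shell-style glob (modelled with fnmatchcase); the function names and the host names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Pattern list copied from the policy fragment above.
TRUSTED_PATTERNS = ["*.quest.com"]


def is_trusted(submithost, patterns=TRUSTED_PATTERNS):
    """Return True if submithost matches any trusted pattern.

    Assumption: matching is a case-sensitive shell-style glob over the
    whole name. Confirm against the product before relying on it.
    """
    return any(fnmatchcase(submithost, p) for p in patterns)


def audit(hostnames, patterns=TRUSTED_PATTERNS):
    """Split an inventory into names the rule would accept and reject."""
    accepted, rejected = [], []
    for name in hostnames:
        (accepted if is_trusted(name, patterns) else rejected).append(name)
    return accepted, rejected


# Constructed sample inventory covering the edge cases worth checking.
SAMPLE_HOSTS = [
    "build01.quest.com",              # FQDN inside the domain
    "db.eu.quest.com",                # sub-domain: '*' also spans dots
    "build01",                        # short name, no domain suffix
    "quest.com",                      # bare domain, no leading label
    "BUILD01.QUEST.COM",              # upper-case form of a trusted name
    "build01.quest.com.example.net",  # domain appears only as a prefix
    "build01.notquest.com",           # similar suffix, different domain
]

if __name__ == "__main__":
    ok, bad = audit(SAMPLE_HOSTS)
    print("accepted:", ok)
    print("rejected:", bad)
```

Names that legitimate hosts report in short or upper-case form show up in the rejected list, which indicates whether the pattern list or the hosts' name resolution needs adjusting before the rule goes live.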