One Identity Privilege Manager for Unix uses policy files to define the rules governing which users are able to run which commands as root. The policy files are written in the syntax defined by Privilege Manager for Unix. When the policy files are applied on the Unix host, the Group Policy agent validates the new set of policy rules to ensure that there are no syntax or logical errors in the rules. If the policy rules do not validate, the Group Policy agent logs an error and does not apply the policy files. This ensures that an oversight or other error does not break the security infrastructure already in place.
BEST PRACTICE: Always test your policy configuration before applying it by means of Group Policy.
If you add a file named pm.conf, this file overrides the default root policy file. The Group Policy agent updates the list of files included from the root policy file to include all of the configured files. If the validation step fails after updating the included files, the policy is not applied.
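The validate-then-apply behaviour described above, as an added shell example; it is not One Identity's code and not the Group Policy agent's implementation. The function name, the directory layout and the checker command passed in are assumptions; on a real host the checker would be the product's own policy validation tool.

```shell
#!/bin/sh
# Illustration only: stage a policy set, validate it, and replace the live
# set only when validation succeeds. A failed check leaves the live policy
# exactly as it was, so a mistake cannot break the rules already in place.

# apply_policy_if_valid CHECKER STAGED_DIR LIVE_DIR
#   CHECKER     command that exits non-zero on a syntax or logic error
#               (assumption: stands in for the product's policy checker)
#   STAGED_DIR  directory holding the candidate policy files
#   LIVE_DIR    directory holding the policy currently in force
# Returns 0 when the staged set was applied, 1 when it was rejected.
apply_policy_if_valid() {
    checker=$1
    staged=$2
    live=$3
    root="$staged/pm.conf"   # root policy file name taken from the page

    if [ ! -f "$root" ]; then
        echo "policy: no root policy file in $staged, nothing applied" >&2
        return 1
    fi

    # Validate the staged root file before anything touches the live set.
    if ! "$checker" "$root" >/dev/null 2>&1; then
        echo "policy: validation failed, existing policy kept" >&2
        return 1
    fi

    # Move the old set aside, move the new one in, roll back on failure.
    backup="$live.prev.$$"
    if [ -d "$live" ]; then
        mv "$live" "$backup" || return 1
    fi
    if mv "$staged" "$live"; then
        rm -rf "$backup"
        return 0
    fi
    [ -d "$backup" ] && mv "$backup" "$live"
    echo "policy: could not install staged policy, rolled back" >&2
    return 1
}
```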
For more information about the syntax of Privilege Manager for Unix policy files, refer to the documentation included with One Identity Privilege Manager for Unix.
To configure Privilege Manager policy files
The Privilege Manager Policy Files Properties dialog opens.
Privilege Manager policy files are evaluated when Group Policy is applied. If a Privilege Manager policy file contains errors, it is not applied.
The Privilege Manager Configuration policy manages the pm.settings file, which contains configuration options for One Identity Privilege Manager for Unix. The Group Policy agent applies the configuration to the pm.settings file.
Since the Group Policy agent is based on Active Directory and Kerberos, setting the Kerberos setting to "yes" causes the Group Policy agent to fully configure all other Kerberos settings automatically. For this reason, the additional Kerberos-related settings are not displayed in the Settings dialog.
For more information about the Privilege Manager configuration settings, refer to the documentation included with One Identity Privilege Manager for Unix.
To configure Privilege Manager configuration settings
The Privilege Manager Configuration Properties dialog opens.
Browse the list or type the setting name (or part of the name) in the search box and click Search.
Additional information related to the setting is displayed in a help box at the bottom of the dialog. The help box is resizable using the splitter bar between the settings list and the help text.