Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

feature_enabled

Syntax
int feature_enabled (int feature )
Description

feature_enabled checks whether a particular feature is enabled on the policy server. Use this function to detect support for platform-dependant features; currently these comprise FEATURE_LDAP and FEATURE_VAS (defined as integer constants).

Returns true if the feature is enabled, otherwise false.

Example
if (feature_enabled(FEATURE_LDAP)) 
{ 
   if (proc_do_ldap_authentication(user)) 
   { 
      accept; 
   } 
}

fileexists

Syntax
int fileexists ( string fn )
Description

fileexists determines whether the file fn exists on the policy server.

Returns true if the pathname exists, false if not.

Example
if (fileexists("/opt/quest/pmc") ) { 
   print ("PMC is installed."); 
}

glob

Syntax
int glob ( string pattern, string str )
Description

glob matches a string to a pattern. This match is often used for filenames since the patterns are the same ones that the UNIX® shell uses for filename matching.

NOTE: For more information, see the fnmatch(3) man page.

Returns true if the string matches the pattern, otherwise false.

Example
#this returns true because the “*” wildcard character matches any number of any character 
glob("a*b", "axyzb") 

#this returns true because the “.” Is interpreted as a literal period char. 
glob("a.*b", "a.fgb")
Table 43: Search patterns
j* j followed by any number of characters.
j*e j followed by any number of characters, ending with an e.
[jJ]* Upper or lower case j followed by any number of characters.
[a-z] Any lower case character.
[^a-z] Any character except lower case characters.
j? j followed by a single character.

ingroup

Syntax
int ingroup ( string user, string group )
Description

ingroup returns true if the specified user is in the specified UNIX® group on the policy server; otherwise returns false.

Example
if (ingroup("cory", "admin") ) { 
   accept; 
}
Related Topics

innetgroup

Related Documents