
Safeguard for Sudo 2.0 - Administrators Guide


getgroups

Syntax
list getgroups ( string user )
Description

getgroups returns the list of groups to which the specified user belongs from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file). If you do not specify a user, it returns the submituser's secondary groups.

The following example returns the list of groups to which root belongs.

Example
# print the list of groups to which root belongs 
print(getgroups("root"));

gethome

Syntax
string gethome( string user )
Description

gethome returns the specified user’s home directory from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).

Example
# set working directory to root's home dir on the policy server 
runcwd = gethome("root"); 

getshell

Syntax
string getshell ( string user )
Description

getshell returns the specified user’s login program from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).

Example
# check that the user's shell on the policy server is in /opt/quest/bin
shell=getshell(user); 
if (dirname(shell) != "/opt/quest/bin") { 
   reject "You are only permitted to run a login shell from /opt/quest/bin"; 
}
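
The three lookups above combined in one policy fragment, as an added example that is not part of the original guide: group membership authorizes the request, the login shell is checked as in the getshell example, and the working directory comes from gethome. The group name "unixadmins" is an assumption; all three lookups are answered by the policy server unless getpasswordfromrun is set to yes in pm.settings, so the result can differ from what the run host itself would report.

```pmpolicy
# Added example (not from the guide). "unixadmins" is an assumed group name.

# Groups of the submitting user, as seen by the policy server
# (or by the client host if getpasswordfromrun is yes).
groups = getgroups(user);

if ("unixadmins" in groups) {
    # Same login shell restriction as the getshell example on this page.
    shell = getshell(user);
    if (dirname(shell) != "/opt/quest/bin") {
        reject "You are only permitted to run a login shell from /opt/quest/bin";
    }

    # Run as root, starting in root's home directory as the policy server sees it.
    runuser = "root";
    runcwd = gethome(runuser);
    accept;
}

# Anyone outside the group is refused explicitly.
reject "You are not a member of unixadmins";
```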

Authentication Services Functions

These are the built-in Authentication Services functions available to use within the policy file:

Table 49: Authentication Services functions
Name                      Description
------------------------  ------------------------------------------------------------
vas_auth_user_password    Authenticate a user to Active Directory using Authentication Services.
vas_host_in_ADgrouplist   Check whether selected host name and domain is a member of any group in the selected list.
vas_host_is_member        Check whether selected host name and selected domain is a member of the selected group.
vas_user_get_groups       Check membership of the group lists.
vas_user_in_ADgrouplist   Return membership of the Active Directory group lists.
vas_user_is_member        Check whether a selected user name and selected domain is a member of the selected group.