Use the following commands to navigate the log file in interactive mode.
| Command | Description |
|---|---|
| g | Go to start of file. |
| G | Go to end of file. |
| p | Pause/resume replay in slide-show mode. |
| q | Quit the replay. |
| r | Redraw the log file from start. |
| s | Skip to next time marker. Allows you to see what happened each second. |
| t | Display time of an action at any point in the log file. |
| u | Undo your last action. |
| v | Display all environment variables in use at the time the log file was created. |
| [space] key | Go to next position (usually a single character); that is, step forward through the log file. |
| [Enter] key | Go to next line. |
| [backspace] key | Back up to last position; that is, step backwards through the log file. |
| /<Regluar Expression>[Enter] | Search for a regular expression while in interactive mode. |
| /[Enter] | Repeat last search. |
Display the time of an action at any point in the log file with t, redraw the log file with r, and undo your last action with u.
You can also display all the environment variables which were in use at the time the log file was created using v. Use q or Q to quit pmreplay.
Type any key to continue replaying the I/O log.
pmresolvehost -p|-v|[-h <hostname>] [-q][-s yes|no]
The pmresolvehost command verifies the host name / IP resolution for the local host or for a selected host. If you do not supply arguments, pmresolvehost checks the local host name/IP resolution.
pmresolvehost has the following options:
| Option | Description |
|---|---|
| -h | Verify the selected host name. |
| -p | Print the fully qualified local host name. |
| -q | Run in silent mode; display no errors. |
| -s | Specify whether to allow short names. |
| -v | Display Privilege Manager version. |
pmrun -v | -z on|off[<pid>] [-b][-d][-n][-p] [-m masterhost] [-h hostname]
[-u requestuser] command [arg(s)]
(Privilege Manager for Unix only.) The pmrun command requests that an application is run in a controlled account. Simply add pmrun to the beginning of the command line. For example:
pmrun backup /usr dev/dat
pmrun checks the /etc/opt/quest/pm.settings file to determine which the policy server daemon to send the request. Once it has contacted a policy server daemon, it sends a request to the daemon to run the application specified. As with the rlogin command, you can type ~^Z to suspend pmrun, or ~. to terminate it. You must enter these commands at the beginning of a new line.
pmrun has the following options:
| Option | Description |
|---|---|
| -b | Allows the runcommand process to run in the background, permitting you to execute other programs or commands from the same window. You can use the -b switch with any application process which does not require output that changes the tty mode. Because of this restriction, you can not use the -b switch with applications that require a password. |
| -d | The -d option is required if the application you are running uses the nohup command. Include the -d parameter to ensure that the nohup command functions correctly. |
| -h host | Allows you to request a particular execution host to run the request. Enter -h hostbefore the command you are requesting. |
| -m polserverhost | Allows you to select the policy server host to contact, bypassing the usual selection methods. The specified host must be in the masters setting in the pm.settings file. |
| -n | Redirects the input of pmrun to /dev/null. Use the -n option to avoid unfortunate interactions between pmrun and the shell which invokes it. For example, if you are running pmrun and start a pmrun in the background without redirecting its input away from the terminal, it will block even if no reads are posted by the remote command. |
| -p | Puts pmrun into pipe mode, in which all interactions with the user's terminal are done without changing any of the terminal parameters. Normally, pmrun puts the terminal into raw mode, so that programs such as text editors, which require raw mode, can run properly under pmrun. Pipe mode is useful when you need to pipe several pmrun commands together. For example:
pmrun -p ls /etc/secure | pmrun -p dbadd listing |
| -u user | Request to run the command as the specified user. The policy server decides whether to honor this request. |
| -v | Displays the version number of Privilege Manager for Unix and exits. |
| -z | Enable/disable tracing for this program and optionally for a currently running process. (Refer to Enabling Program-level Tracing before using this option.) |
File containing Privilege Manager communication parameters, including the list of valid master hosts:
/etc/opt/quest/qpm4u/pm.settings
pmserviced [-d] [-n] [-s] [-v] [-z on|off[:<pid>]]
The Privilege Manager service daemon, (pmserviced) is a persistent process that spawns the configured Privilege Manager services on demand. The pmserviced daemon is responsible for listening on the configured ports for incoming connections for the Privilege Manager for Unix daemons. It is capable of running the pmmasterd, pmlocald, pmclientd and pmtunneld services. Note that only one of pmmasterd and pmclientd may be enabled as they use the same TCP/IP port. (See the individual topics in PM Settings Variables for more information about these daemon settings.)
pmserviced has the following options:
| Option | Description |
|---|---|
| -d | Logs debugging information such as connection received, signal receipt and service execution.
By default, pmserviced only logs errors. |
| -n | Do not run in the background or create a pid file. By default, pmserviced forks and runs as a background daemon, storing its pid in /var/opt/quest/qpm4u/pmserviced.pid. When you specify the -n option, it stays in the foreground. If you also specify the -d option, error and debug messages are logged to the standard error in addition to the log file or syslog. |
| -s | Connects to the running pmserviced and displays the status of the services, then exits. |
| -v | Displays the version number of Privilege Manager for Unix and exits. |
| -z | Enables/disables tracing for pmserviced. (Refer to Enabling Program-level Tracing before using this option.) |
pmserviced uses the following options in /etc/opt/quest/qpm4u/pm.settings to determine the daemons to run, the ports to use, and the command line options to use for each daemon:
| Daemon Name | Flag to Enable daemon | Listen on Port | Command Line Options |
|---|---|---|---|
| pmclientd | pmclientdEnabled | masterport | pmclientdOpts |
| pmlocald | pmlocaldEnabled | localport | pmlocaldOpts |
| pmmasterd | pmmasterdEnabled | masterport | pmmasterdOpts |
| pmtunneld | pmtunneldEnabled | tunnelport | pmtunneldOpts |
| Setting | Description |
|---|---|
| pmservicedLog pathname | syslog | Fully qualified path to the pmserviced log file or syslog. |
| pmmasterdEnabled YES | NO | When set to YES, pmserviced runs pmmasterd on demand. |
| masterport number | The TCP/IP port pmmasterd or pmclientd uses to listen. |
| pmmasterdOpts options | Any command line options passed to pmmasterd when executed. |
| pmlocaldEnabled YES | NO | When set to YES, pmserviced runs pmlocald on demand. |
| localport number | The TCP/IP port pmlocald uses to listen. |
| pmlocaldOpts options | Command line options passed to pmmasterd when executed. |
| pmlocaldEnabled YES | NO | When set to YES, pmserviced runs pmlocald on demand. |
| localport number | The TCP/IP port pmlocald uses to listen. |
| pmlocaldOpts options | Any command line options passed to pmlocald when executed. |
| pmclientdEnabled YES | NO | When set to YES, pmserviced runs pmclientd on demand. |
| pmclientdOpts options | Any command line options passed to pmclientd when executed. |
| pmtunneldEnabled YES | NO | When set to YES, pmserviced runs pmtunneld on demand. |
| tunnelport number | The TCP/IP port pmtunneld uses to listen. |
| pmtunneldOpts options | Any command line options passed to pmtunneld when executed. |
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy