
Safeguard for Sudo 2.0 - Administrators Guide


pmsysid

Syntax
pmsysid [-i] | -v
Description

The pmsysid command displays the Privilege Manager system ID.

Options

pmsysid has the following options:

Table 96: Options: pmsysid
Option Description
-i Shows the system host name and IP address.
-v Displays the Privilege Manager for Unix version and exits.

pmtunneld

Syntax
pmtunneld [ [-v] | [-z on|off[:<pid>]] | [[-e logfile] [-s] ] ]
Description

(Privilege Manager for Unix only.) The pmtunneld command acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall.

Communication sent from pmlocald is transmitted using port number 12347, by default, and received by pmtunneld. pmtunneld then transmits the data to pmrun. (See Configuring pmtunneld for details.)

Options
Table 97: Options: pmtunneld
Option Description
-e filename Logs any tunnel proxy daemon errors in the file specified.
-s Sends any tunnel proxy daemon errors to syslog.
-v Displays the version number of Privilege Manager for Unix and exits.
-z Enables/disables tracing for this program and optionally for a currently running process. (Refer to Enabling Program-level Tracing before using this option.)

pmumacs

Syntax
pmumacs /full_path_name
Description

(Privilege Manager for Unix only.) The pmumacs text editor is a special version of microemacs that you can use securely with Privilege Manager programs; it is similar to the umacs editor. umacs is a small version of emacs with Gosling-style emacs key bindings. You must specify a full path name as an argument when starting pmumacs. You cannot access any files other than the ones you specified at startup, nor can you spawn any processes.

Use pmumacs to allow users to access a specific file as root but no other root functions.

pmverifyprofilepolicy

Syntax
pmverifyprofilepolicy [-v | [-c][-z on|off[:<pid>]]] [-f <filename>] 
                      [-p <policydir>]
Description

(Privilege Manager for Unix only.) Use pmverifyprofilepolicy to verify the syntax and structure of the policy file and check whether a particular command will be accepted or rejected. The policy is assumed to match the format of the default profile policy; if it does not, the command displays an error for each file that is missing or is not in the correct format.

Options

pmverifyprofilepolicy has the following options:

Table 98: Options: pmverifyprofilepolicy
Option Description
-c Displays output in CSV, rather than human-readable, format.

The following line displays for each syntax error encountered:

PMCHECKERROR,<filename>,<linenumber>,<error_description>

The overall result displays in the following format:

PMVERIFYPROFILERESULT,<result>,<description>

where result can be: 0:success or -1:fail

For each file expected to contain data only, it prints the following line to stdout for each statement found in the file that is not a comment or variable assignment:

PMVERIFYPROFILECHECK,<filename>,<linenumber>,<description>

For each file expected to be unchanged, it prints the following line to stdout:

PMVERIFYPROFILENOMATCH,<filename>,<linenumber>,<description>

-f Provides an alternative policy filename to check. If not fully qualified, this path is interpreted as relative to the policydir, rather than to the current directory.
-p Forces pmverifyprofilepolicy to search a different policy directory for include files identified by relative path. The default location is the policydir setting in pm.setting.
-v Prints Privilege Manager for Unix version and exits.
-z Enables (or disables) debug tracing, and optionally sends SIGHUP to running process. (Refer to Enabling Program-level Tracing before using this option.)
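
The CSV records that -c emits are meant to be consumed by scripts. The shell function below is an added example, not part of the vendor documentation or One Identity's code: it reads that output and fails closed. The sample records are constructed, and treating PMVERIFYPROFILECHECK and PMVERIFYPROFILENOMATCH records as blocking is an assumption of this example.

```shell
#!/bin/sh
# Added example (not vendor code): gate a policy change on `pmverifyprofilepolicy -c`.
# Reads the CSV records on stdin, prints one summary line, returns 0 only on a clean pass.
pmverify_gate() {
    errors=0 checks=0 nomatch=0 result=missing
    # A description may itself contain commas, so the last variable takes the remainder.
    while IFS=, read -r tag f1 f2 rest || [ -n "$tag" ]; do
        case "$tag" in
            PMCHECKERROR)
                errors=$((errors + 1))
                echo "syntax error: $f1 line $f2: $rest" >&2 ;;
            PMVERIFYPROFILECHECK)
                checks=$((checks + 1))
                echo "statement in data-only file: $f1 line $f2: $rest" >&2 ;;
            PMVERIFYPROFILENOMATCH)
                nomatch=$((nomatch + 1))
                echo "changed file: $f1 line $f2: $rest" >&2 ;;
            PMVERIFYPROFILERESULT)
                result=$f1 ;;    # 0 = success, -1 = fail
        esac
    done
    echo "result=$result errors=$errors checks=$checks nomatch=$nomatch"
    # Fail closed: no result record, a non-zero result, or any finding blocks.
    # Blocking on CHECK/NOMATCH records is this example's assumption, not vendor guidance.
    [ "$result" = "0" ] && [ $((errors + checks + nomatch)) -eq 0 ]
}

# Constructed sample output; file names, line numbers and descriptions are invented.
SAMPLE_FAIL='PMCHECKERROR,example.profile,12,syntax error, unexpected token
PMVERIFYPROFILECHECK,example.data,7,unexpected statement
PMVERIFYPROFILENOMATCH,example.conf,3,content differs from default
PMVERIFYPROFILERESULT,-1,fail'
SAMPLE_OK='PMVERIFYPROFILERESULT,0,success'

# Demo on the constructed samples; in real use: pmverifyprofilepolicy -c | pmverify_gate
printf '%s\n' "$SAMPLE_OK" | pmverify_gate && echo "gate: accepted"
printf '%s\n' "$SAMPLE_FAIL" | pmverify_gate || echo "gate: rejected"
```

Per-record details go to stderr and the summary to stdout, so the summary line can be captured on its own in a change-review log.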