Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

pmvi

Syntax
pmvi /full_path_name
Description

(Privilege Manager for Unix only.) The pmvi editor is a special version of vi that you can use securely with Privilege Manager programs. You must specify a full path name as an argument when starting pmvi. Also, you will not be able to access any files other than the ones you specified at startup time nor spawn any processes.

Use pmvi to allow users to access a specific file as root but no other root functions.

Installation Packages

Installation Packages

Privilege Manager for Unix is comprised of the following packages:

  • Privilege Manager for Unix product

    Contains the Privilege Manager Policy Server and PM Agent components and uses the native packaging system for each platform (RPM, PKG, etc).

  • Privilege Manager for Sudo product

    Contains the Privilege Manager Policy Server and Sudo Plugin components and uses the native packaging system for each platform (RPM, PKG, etc).

  • Preflight Binary

    This is a stand-alone native binary for each platform (not zipped, tarred or packaged). This binary exists stand-alone on the ISO to make it available for use prior to installing software. It does not change any Privilege Manager configuration on the host.

NOTE: See Download Privilege Manager for Unix Software Packages for details.

Package Locations

Installation Packages > Package Locations

Privilege Manager is provided in native platform install packages, which include binary files, online man pages, installation files and configuration file examples.

The install packages are located in the zip archive in two directories called:

  • /server
  • /agent
  • /sudo_plugin

where <platform> is the name of the platform on which you are running Privilege Manager.

There are three different packages:

  • qpm-agent package, which contains only the client (pmrun) and agent (pmlocald) components for Privilege Manager
  • qpm-server package, which contains the server (pmmasterd), the client (pmrun) and agent (pmlocald), and the Sudo Plugin (qpm4u_plugin.so) components for Privilege Manager.
  • qpm-plugin package, which contains the offline policy cache server (pmmasterd), the Sudo Plugin (qpm4u_plugin.so) components for Privilege Manager

NOTE: The Solaris® server and agent packages have filenames that start with QSFTpmsrv and QSFTpmagt, respectively.

Once installed, the packaged files are placed in an installation directory under /opt/quest which contains subdirectories and files.

The platform directories contain the Privilege Manager for Unix installer packages for each platform supported by Privilege Manager for Unix.

Table 99: Privilege Manager for Unix kit directories
Platform Architecture
aix52-rs6k IBM® AIX® 5.3, 6.1, 7.1
hpux-hppa11 HP-UX 11
hpux11-ia64 HP-UX 11i Itanium architecture
Solaris®-SPARC® Solaris® SPARC® architecture
Solaris®-intel Solaris® Intel architecture
linux-intel Linux® x86
linux-s390 Linux® s390
linux-x86_64 Linux® on x86 64bit architecture
linux-ppc64 Linux® on ppc 64bit architecture

Installed Files and Directories

Installation Packages > Installed Files and Directories

The following table lists files and directories installed on your system.

Table 100: Installed files and directories
Directories and Files Description Created By
/opt/quest/qpm4u Install directory containing readme, default trial license file, examples directory, templates, etc. INSTALL
/etc/opt/quest/qpm4u/pm.settings Configuration file for Privilege Manager component communications. CONFIG
/etc/opt/quest/qpm4u/policy/pm.conf Default production policy file when using the pmpolicy policy type. CONFIG
/etc/opt/quest/qpm4u/policies Default production policy framework directory when using the pmpolicy type. CONFIG
/etc/opt/quest/qpm4u/policies/sudoers Default production policy file for the sudo policy type. CONFIG
/opt/quest/bin Install directory containing the binaries for user programs, such as pmrun, pmksh and pmvi. CONFIG
/opt/quest/sbin Install directory containing the binaries for admin programs, such as pmlog and pmreplay. INSTALL
/opt/quest/lib Install directory for shared libraries INSTALL
/opt/quest/libexec Install directory for dynamically loaded objects. INSTALL
/opt/quest/man This directory contains all the man pages for Privilege Manager for Unix daemons and programs. INSTALL
/opt/quest/qpm4u/examples This directory contains useful programs, scripts, or examples which show how to use Privilege Manager for Unix. It also contains a sample configuration file which you can use as a template for implementing your own policies. INSTALL
/opt/quest/qpm4u/license This file contains the license information (policy server only). For information about updating license information, see pmlicense. INSTALL
/opt/quest/qpm4u/qpm4u_eula.txt This file contains the End User License Agreement for the Privilege Manager for Unix product. INSTALL
/opt/quest/qpm4u/README. <architecture> This file contains the latest information about your version of Privilege Manager for Unix. INSTALL
/var/opt/quest/qpm4u/iolog This directory contains the keystroke logs. EVENTDATA
/var/opt/quest/qpm4u/pmevents.db This file contains the event logs. EVENTDATA

Related Documents