Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

alertkeymatch

Description

Type string READONLY

alertkeymatch contains the pattern matched by pmlocald. This variable is not available for use in the policy file, it is only available in the event log. To view the event log, use the pmlog -l command.

Example
#view all alerts recorded in the audit log that match the pattern "passwd" 
pmlog –l -c 'alertkeymatch == "passwd"'

argc

Description

Type integer READONLY

argc contains the number of arguments supplied for the original command. This includes the command name itself. For example, if the original command is pmrun ls –al, then argc is set to 2.

Example
# if any arguments are passed to a vi editor program, like vi
# then verify the path is not in a list of forbidden directories 
if ((basename(command) in vi_program_list) && (argc > 1)) 
{ 
   count=0; 
   while (count < length(forbid_dir_list)) 
   { 
      if (glob(forbid_dir_list[count], dirname(argv[1]))) 
      { 
         reject "You are not allowed to edit a file in this directory"; 
       } 
      count=count+1; 
   } 
}
Related Topics

argv

argv

Description

Type list READONLY

argv is a list of the arguments supplied for the original command, including the command itself. For example, if the original command is pmrun ls –al, then argv is set to {"ls","-al"}.

Example
# if any arguments are passed to an editor program, like vi
# then verify the path is not in a list of forbidden directories 
if ((basename(command) in vi_program_list) && (argc > 1)) 
{ 
   count=0; 
   while (count < length(forbid_dir_list)) 
   { 
      if (glob(forbid_dir_list[count], dirname(argv[1]))) 
      { 
         reject "You are not allowed to edit a file in this directory"; 
      } 
      count=count+1; 
   } 
}
Related Topics

argc

client_parent_pid

Description

Type integer READONLY

Process ID of client's parent process.

Example
# only allow requests submitted from a login shell
# (parent process name starts with a dash) 
if (client_parent_procname[0] == "-") { 
   printf("process info -- name:[%s], pid[%d], uid[%d]\n" 
      client_parent_procname, client_parent_pid, client_parent_uid); 
   reject "only requests from login shells are allowed"; 
}
Related Documents