
Safeguard for Sudo 2.0 - Administrators Guide


domainname

Description

Type string READONLY

The Active Directory domain name for the submit user if Authentication Services is configured and the client is able to determine the domain name. Otherwise this variable is set to an empty string.

Example

# reject if the user is not in the uxwheel AD group
if (vas_user_is_member(samaccount, "uxwheel", domainname) == false)
   reject "user is not in uxwheel group";

Related Topics

samaccount

env

Description

Type list READONLY

env contains the list of environment variables configured in the environment where the submit user submitted the request.

Example

index=search(env, "APPL_HOME");
if (index > -1)
{
   aval=env[index];
   if (dirname(aval) != "/usr")
   {
      printf("You are not permitted to run this application from:%s\n",
         dirname(aval));
   }
}

Related Topics

runenv

false

Description

Type integer READONLY

false contains the constant value 0.

Example

adminusers = {"dan","robyn","cory"};
if ((user in adminusers) == false)
   reject;

Related Topics

true

FEATURE_LDAP

Description

Type integer READONLY

Read-only constant used with the feature_enabled() function to determine whether LDAP features are available on a particular policy server.

Example

if (!feature_enabled(FEATURE_LDAP))
   print("LDAP support is not available on this policy server");

Related Topics

FEATURE_VAS
