Type integer READONLY
pmshell initializes to true if a Privilege Manager shell program (such as pmksh, pmsh, pmcsh, pmloginshell) is running; otherwise, the variable is undefined.
if (defined pmshell) { printf ("Now running: %s\n", pmshell_prog); pmshell_restricted = 1; pmshell_checkbuiltins = 1; pmshell_reject = "You are not allowed to run this command"; pmshell_allow = {"ls","grep","cat"}; pmshell_forbid = append(pmshell_forbid, "passwd"); pmshell_forbid = append(pmshell_forbid, "kill"); } else { printf("Not running a command within %s\n", pmshell_prog); accept; }
Type integer READONLY
pmshell_builtin is a constant value that identifies a shell builtin command. Use it to compare with the value of the pmshell_cmdtype variable.
if (defined pmshell_cmd){ if ((user in safe_shell_list) && (pmshell_cmdtype == pmshell_builtin)) { #allow all built-ins for selected users accept; } }
Type integer READONLY
pmshell_cmd is only defined if the command is a Privilege Manager shell program (in which case it is set to false) or the command is a shell subcommand running from a Privilege Manager shell program (in which case it is set to true). It is only applicable to the pmsh, pmksh, and pmcsh programs.
if (defined pmshell_cmd){ if (user !in safe_shell_list) { #check builtins pmshell_checkbuiltins=true; } }
Type integer READONLY
pmshell_cmdtype is only defined if the command is a shell subcommand running from a Privilege Manager shell. It is only applicable to the pmsh, pmcsh, and pmksh programs. It is set to one of these constant values: pmshell_builtin, pmshell_script, or pmshell_exe.
if (defined pmshell_cmd){ if (user !in safe_shell_list) { #check builtins pmshell_checkbuiltins=true; } }
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy