Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

pmshell

Description

Type integer READONLY

pmshell initializes to true if a Privilege Manager shell program (such as pmksh, pmsh, pmcsh, pmloginshell) is running; otherwise, the variable is undefined.

Example
if (defined pmshell) 
{ 
   printf ("Now running: %s\n", pmshell_prog); 
   pmshell_restricted = 1; 
   pmshell_checkbuiltins = 1; 
   pmshell_reject = "You are not allowed to run this command"; 
   pmshell_allow = {"ls","grep","cat"}; 
   pmshell_forbid = append(pmshell_forbid, "passwd"); 
   pmshell_forbid = append(pmshell_forbid, "kill"); 
} 
else 
{ 
   printf("Not running a command within %s\n", pmshell_prog); 
   accept; 
}

pmshell_builtin

Description

Type integer READONLY

pmshell_builtin is a constant value that identifies a shell builtin command. Use it to compare with the value of the pmshell_cmdtype variable.

Example
if (defined pmshell_cmd){ 
   if ((user in safe_shell_list) && (pmshell_cmdtype == pmshell_builtin)) 
   { 
      #allow all built-ins for selected users accept; 
   } 
}

pmshell_cmd

Description

Type integer READONLY

pmshell_cmd is only defined if the command is a Privilege Manager shell program (in which case it is set to false) or the command is a shell subcommand running from a Privilege Manager shell program (in which case it is set to true). It is only applicable to the pmsh, pmksh, and pmcsh programs.

Example
if (defined pmshell_cmd){ 
   if (user !in safe_shell_list) 
   { 
      #check builtins 
      pmshell_checkbuiltins=true; 
   } 
}

pmshell_cmdtype

Description

Type integer READONLY

pmshell_cmdtype is only defined if the command is a shell subcommand running from a Privilege Manager shell. It is only applicable to the pmsh, pmcsh, and pmksh programs. It is set to one of these constant values: pmshell_builtin, pmshell_script, or pmshell_exe.

Example
if (defined pmshell_cmd){ 
   if (user !in safe_shell_list) 
   { 
      #check builtins 
      pmshell_checkbuiltins=true; 
   } 
}
Related Documents