Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

unameclient

Description

Type list READONLY

unameclient contains the system uname information from the pmrun host. This information corresponds to the list returned by uname. For example:

  • operating system name
  • nodename
  • operating system release level
  • operating system version
  • machine hardware name

uniqueid

Description

Type string READONLY

uniqueid is a 12-character string identifying a session. This is guaranteed to be unique on one policy server machine.

Example
printf("Command is running as id = %s", uniqueid);

use_rundir

Description

Type string READONLY

use_rundir is a read-only variable containing the value "!~!". You can use it as a placeholder in the context of any runtime variable to represent the runuser's home directory, as defined on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's home directory on the runhost.

Example
allowedrequestusers={"root", "admin", "oradmin"}; 
//if requestuser is in allowed list, set runuser to requestuser 
  and set groups to match primary group on the runhost, 
//and change directory to runuser's home dir 
if (requestuser in allowedrequestusers) 
{ 
   runuser=requestuser; 
   rungroup=use_rungroup; 
   rungroups= {use_rungroup}; 
   runcwd = use_rundir; 
   accept; 
}

use_rungroup

Description

Type string READONLY

use_rungroup is a read-only variable containing the value "!g!". Use it as a placeholder in the context of any runtime variable to represent the runuser's primary group on the runhost. pmlocald replaces any instances of this value found in any runtime variable with the runuser's primary groupname on the runhost.

Example
allowedrequestusers={"root", "admin", "oradmin"}; 
//if requestuser is in allowed list, set runuser to requestuser 
   and set groups to match runuser's primary group only, 
//and change directory to runuser's home dir 
if (requestuser in allowedrequestusers) 
{ 
   runuser=requestuser; 
   rungroup=use_rungroup; 
   rungroups= {use_rungroup}; 
   runcwd = use_rundir; 
   accept; 
}
Related Documents