Safeguard for Sudo 2.0 - Administrators Guide


runpaths

Description

Type list READ/WRITE

A list of permitted paths for commands. If configured, the agent rejects a command if it is not run from one of these paths, even if the command is authorized by the policy.

Example
# allow commands only from the /bin, /sbin, /usr/bin, and /usr/sbin directories 
runpaths={"/bin", "/sbin", "/usr/bin", "/usr/sbin"};

runptyflags

Description

Type string READ/WRITE

runptyflags is a modifiable copy of the ptyflags input variable. Use it to close stdin so that the command cannot read input in the runtime environment.

Example
if ( basename(runcommand) == "appl_home") 
{ 
   # close stdin and prevent the user from providing any input 
   # for a command that is only intended to be run in batch mode. 
   runptyflags &= ~0x1; 
}

Related Topics

ptyflags

runtimeout

Description

Type string READ/WRITE

runtimeout specifies the number of seconds of idle time allowed before the session is closed.

Example
# close the session if the user is idle for 5 minutes 
runtimeout=300;

runumask

Description

Type integer READ/WRITE

runumask is a modifiable copy of the umask input variable. It specifies the umask that determines the permissions of files created during execution of the runcommand.

Example
trustedusers = {"jamie", "cory", "robyn"}; 
if (user in trustedusers ) 
{ 
   runumask=066; 
}

Related Topics

umask
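
The effect of the runumask value on files a command creates, as an added example that is not part of the product documentation: the Python sketch below creates a file and a directory under a given umask and reports the resulting permission bits. It assumes the policy value 066 is octal, as umask values conventionally are; the file names and the helper modes_under_umask are hypothetical.

```python
import os
import tempfile


def modes_under_umask(mask):
    """Create a file and a directory under `mask`.

    Returns (file_mode, dir_mode) as 4-digit octal strings. The file is
    requested with 0666 and the directory with 0777, which is what most
    programs ask for; the umask removes bits from those requests.
    """
    old = os.umask(mask)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            fpath = os.path.join(tmp, "out.log")   # constructed sample name
            dpath = os.path.join(tmp, "spool")     # constructed sample name
            fd = os.open(fpath, os.O_CREAT | os.O_WRONLY, 0o666)
            os.close(fd)
            os.mkdir(dpath, 0o777)
            fmode = os.stat(fpath).st_mode & 0o777
            dmode = os.stat(dpath).st_mode & 0o777
            return format(fmode, "04o"), format(dmode, "04o")
    finally:
        # Always restore the caller's umask.
        os.umask(old)


def readable_by_others(mode_str):
    """True if group or other has read access in an octal mode string."""
    return bool(int(mode_str, 8) & 0o044)


if __name__ == "__main__":
    # 0o066 is the value from the runumask example; 0o022 is a common default.
    for mask in (0o022, 0o066, 0o077):
        fmode, dmode = modes_under_umask(mask)
        print(f"umask {mask:03o}: file {fmode}, dir {dmode}, "
              f"file readable by group/other: {readable_by_others(fmode)}")
```

With 066 the owner keeps read and write access while group and other lose both; the execute bits on directories are untouched, so directories end up 0711.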