
Safeguard for Sudo 2.0 - Administrators Guide


Privilege Manager for Unix Flow Control Statements

You can use the following reserved words to control the flow of logic in the policy file.

Table 35: Control flow reserved words

Statement             Description
accept                Accept the submitted request.
break                 Break out of a while or for loop.
continue              Skip the rest of the loop body and continue to the next iteration of the loop.
do-while              Execute the loop body multiple times until an expression is true, evaluating the expression after executing the statement.
for loop              C-style for loop.
for loop              Execute the loop body for each element in a list.
function              Stand-alone subroutine, allowing you to reuse policy.
if-else               Used to determine which statement to execute next based on whether an expression is true or false.
include               Include the named policy file.
procedure / function  Stand-alone subroutine, allowing you to reuse policy.
readonly              Mark a variable as read-only.
readonlyexcept        Mark all variables as read-only except for the specified list.
reject                Reject the submitted request.
return                Return from a function or procedure.
switch                Used to determine which statement to execute next based on whether an expression matches one of several values.
while                 Execute the loop body multiple times until an expression is true, evaluating the expression before executing the statement.

accept

Syntax
accept;
Description

The accept statement accepts the job request submitted by a user. After a command is accepted, nothing else in the configuration script is executed. If neither an accept nor reject statement is reached while parsing the configuration file, the command is rejected by default.

Examples
adminusers = {"dan","robyn"}; 
adminprogs = {"hostname","kill","csh","ksh"}; 
if (user in adminusers && command in adminprogs) 
{ 
   runuser = "root"; 
   if (user == "dan" && !officehours) 
   { 
      printf("You can't use %s outside office hours\n",runcommand); 
      reject; 
   } 

   if (user == "robyn" && !officehours) 
   { 
      if (!getuserpasswd(user))
         reject;
   } 
   accept; 
}
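
Because accept ends policy evaluation, any check placed after it never runs. The following added example (not from the original guide) shows that ordering mistake beside the corrected form. The list contents are constructed sample values, the two fragments are alternatives rather than one policy file, and # comment lines are assumed to be supported by the policy language.

```pmpolicy
# Constructed example: list contents are hypothetical sample values.
adminusers = {"dan", "robyn"};
adminprogs = {"hostname", "kill"};

# --- Fragment A (weak ordering; shown for comparison only) ---
# accept ends policy evaluation, so the office-hours check after it
# is never reached and every matching request runs as root.
if (user in adminusers && command in adminprogs)
{
   runuser = "root";
   accept;
   if (!officehours)
   {
      reject;
   }
}

# --- Fragment B (corrected; use instead of Fragment A) ---
# Every condition that can reject is evaluated before accept.
if (user in adminusers && command in adminprogs)
{
   if (!officehours)
   {
      if (!getuserpasswd(user))
      {
         printf("Password check failed for %s\n", user);
         reject;
      }
   }
   runuser = "root";
   accept;
}

# Requests that match neither list reach the end of the policy without
# an accept or reject and are therefore rejected by default.
```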

break

Syntax
break;
Description

The break statement exits a loop and terminates cases. Use it to force an immediate exit from case statements and from looping statements such as for, while, and do-while.

Example
for ( oneuser in userlist ) 
{ 
   if (oneuser == "root") 
   { 
      break; 
   } 
   print(oneuser); 
}

continue

Syntax
continue;
Description

Use the continue statement in the body of a C-style for loop, while, or do-while statement to skip the rest of the statements in the body of the loop and start again from the top of the loop.

Example
for ( oneuser in userlist ) 
{ 
   if (oneuser == "root") 
   { 
      continue; 
   } 
   print(oneuser);
}