立即与支持人员聊天
与支持团队交流

Privilege Manager for Unix 7.3 - Release Notes

Privilege Manager for Unix 7.3

Privilege Manager for Unix 7.3

Release Notes

24 May 2024, 10:28

These release notes provide information about the Privilege Manager for Unix release.

Topics:
About this release

Privilege Manager for Unix protects the full power of root from potential misuse or abuse. With Privilege Manager for Unix there is no need to worry about anyone deleting critical files, modifying file permissions or databases, reformatting disks, or doing more subtle damage. Privilege Manager for Unix enables you to define a security policy that stipulates who has access to which root functions, as well as when and where they can perform those functions. It controls access to existing programs as well as purpose-built utilities that run common system administration tasks. At the administrator's request, Privilege Manager for Unix can protect sensitive data from network monitoring by encrypting the root commands or sessions it controls, including control messages and input keyed by users while running commands through Privilege Manager for Unix.

Privilege Manager for Unix 7.3 is a patch release that includes Resolved issues.

NOTE: Beginning with version 7.0, Privilege Manager for Unix supports only Linux-based systems for Privilege Manager for Unix policy servers.

End of support notice

After careful consideration, One Identity has decided to cease the development of the Management Console for Unix (MCU). Therefore, the MCU will enter limited support for all versions on April 1, 2021. Support for all versions will reach end of life on Nov 1, 2021.

As One Identity retires the MCU, we are building its feature set into modern platforms starting with Software Distribution and Profiling. Customers that use the MCU to deploy Authentication Services and Safeguard for Sudo can now use our Ansible collections for those products, which can be found at Ansible Galaxy.

New features

New features in Privilege Manager for Unix 7.3:

  • Privilege Manager for Unix now supports MacOS version 14.

  • Services can now write the syslog messages as CEF (Common Event Format), useful for messages about Accept and Reject events.

    NOTE: Logging in CEF is disabled by default. To enable it, set the configuration option logFormat to cef.

  • Introduced the pmcheckperms utility, used to check the ownership and permissions of Privilege Manager files on the system. For more information, see pmcheckperms in the Privilege Manager for Unix Administration Guide.

See also:

Enhancements

The following is a list of enhancements implemented in Privilege Manager for Unix7.3.

Table 1: General enhancements
Enhancement Issue ID

Summary

During a pmrun session, the login user is now consistently set based on the runutmpuser user variable (or from the runuser variable as a fallback measure), regardless of the platform.

Details

In previous versions, during a pmrun session, the login user (returned by the logname command or the getlogin function) was:

  • Set as the runuser user variable on macOS and freeBSD.

  • Set as the runutmpuser on Solaris.

  • Remaining empty on AIX and Linux.

Starting from this version, pmrun works consistently, so the login user is always set based on the runutmpuser variable, defaulting to the runuser variable if runutmpuser is empty.

TIP: Because of this new behavior, if you want your site to have a more sudo-like behavior where the login user and the utmp entry contain the request, add an extra line like the following example to your policy:

runutmpuser = requestuser;

443105

Deprecated features

The following features are no longer supported beginning with this release:

  • As of Privilege Manager for Unix version 7.3, the following platforms and architectures are no longer supported:

    • CentOS Linux 6

    • Apple MacOS 11.x and earlier

    • Oracle Enterprise Linux (OEL) 6

    • Red Hat Enterprise Linux (RHEL) 6

    • SuSE Linux Enterprise Server (SLES) / Workstation 11SP4

自助服务工具
知识库
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
联系我们
获得许可 帮助
技术支持
查看全部
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级