Description
Type string READONLY
user containts the submit user's login name.
Example
If ( (user == "matt") && (command == "passwd") ) { printf("matt is not allowed to alter passwords"); reject; }
Type string READONLY
user containts the submit user's login name.
If ( (user == "matt") && (command == "passwd") ) { printf("matt is not allowed to alter passwords"); reject; }
Type integer READONLY
year contains the year in which the request was submitted in the format YY.
if ( (year == "08") || (year == "12") ) { if ( (month == "01") && (day == "29") ) { printf("This year is a leap year, something has gone wrong"); reject; } }
The following predefined global variables are initialized from the submit user's environment.
Variable | Data Type | Description |
---|---|---|
string |
Action to be taken when alertkeysequence is matched. | |
list |
List of patterns to match in a session. | |
integer |
Specifies whether to prevent the runcommand process from executing new processes. | |
string |
Pathname of the audit log. | |
string |
Host name list for remote event logging. | |
string |
Message to display if runcommand cannot run. | |
string |
Pathname of the keystroke log. | |
integer |
Specifies whether to encrypt the keystroke log. | |
integer |
Max bytes to log for a stderr message. | |
integer |
Max chars to log for a stdout message. | |
string |
Host name list for remote keystroke logging. | |
integer |
Specifies whether to exclude passwords from the keystroke log. | |
list |
Variables to omit from the audit and keystroke logs. | |
integer |
Specifies whether to keystroke log stderr messages. | |
integer |
Specifies whether to keystroke log stdin messages. | |
integer |
Specifies whether to keystroke log stdout messages. | |
string |
Message to display if the runcommand is not found on the run host. | |
list |
Detects presence of password prompts. | |
list |
Commands to allow in a Privilege Manager for Unix shell without further authorization. | |
list |
Commands to allow in a Privilege Manager for Unix shell without further authorization if input is from a pipe. | |
integer |
Specifies whether to authorize shell built-in commands in a Privilege Manager for Unix shell. | |
list |
Commands to forbid in a Privilege Manager for Unix shell without further authorization. | |
list |
Variables to mark as read-only in a Privilege Manager for Unix shell. | |
string |
Reject message to display when a forbidden command runs in a Privilege Manager for Unix shell. | |
integer |
Specifies whether to run a Privilege Manager for Unix shell in restricted mode. | |
integer |
Specifies whether to use the originating login host name in preference to the submit host. | |
list |
A list of values specified by the keepenv() call. | |
list |
A list of values specified by the setenv() call. | |
list |
A list of values specified by the unsetenv() call. | |
string |
Specifies whether to use the runuser’s environment rather than the submit user’s environment | |
string |
Message to display when a session is rejected. | |
list |
List of arguments for the request. | |
boolean |
The run version of bkgd. When set to True, lets the user stop the pmrun call and move it to the background. | |
string |
Requests the command to run with a specified root directory. | |
string |
Identifies a checksum to use to verify against the runcommand. | |
string |
A modifiable copy of the clienhost input variable. | |
string |
Full pathname of the request. | |
string |
Specifies whether the agent should request the runuser to authenticate before executing the runcommand. | |
string |
Working directory to set for the request. | |
boolean |
Lets you use runrlimit variables on the run host. | |
list |
List of environment variables to set for the request. | |
string |
Primary group to set for the request. | |
list |
List of secondary groups to set for the request. | |
string |
Host on which to run the request. | |
integer |
Nice value to apply for the request. | |
list |
A list of permitted paths for commands. | |
string |
Pty flags to apply for the request. | |
string |
Controls the maximum memory that is available to a process. | |
string |
Controls the maximum size of a core file. | |
string |
Controls the maximum size CPU time of a process. | |
string |
Controls the maximum size of data segment of a process. | |
string |
Controls the maximum size of a file. | |
string |
Control the maximum number of file locks for a process. | |
string |
Controls the maximum number of bytes of virtual memory that can be locked. | |
string |
Controls the maximum number of files a user may have open at a given time. | |
string |
Controls the maximum number of processes a user may run at a given time. | |
string |
Controls the maximum size of the resident set (number of virtual pages resident at a given time) of a process. | |
string |
Controls the maximum size of the process stack. | |
integer |
Specifies the number of seconds of idle time before ending the session. | |
integer |
Umask value to apply for the request. | |
string |
User to run the request. | |
string |
Utmp user to use when logging to utmp. | |
string |
User name to run subprocesses of the policy server master daemon. | |
string |
Directory used for temporary storage of I/O log files if a remote log host is specified in iologhost. |
Type string READ/WRITE
alertkeyaction contains the action to be taken if a command matches a pattern configured in alertkeysequence. The alertkeyaction can be defined as "reject", "log" or any custom string. The default value is "log".
switch (user) { case "root" : alertkeyaction = "ignore"; break; default : alertkeyaction = "log"; break; }
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center