pbguid

The pbguid command runs the server for the browser-based Privilege Management for Unix and Linux GUI. This program enables you to change settings files, view event and I/O logs (including archived I/O logs), edit policy configuration files, run the event log report writer, and update the GUI configuration. A socket-listener process (typically inetd, xinetd, or pbguid -d -p) starts pbguid.

Changes that are made to the pb.settings file after the daemon is started will not affect the operation of the daemon. If you change the pb.settings file, then you must restart the daemon for the changes to take effect. If you do not restart the daemon, then the daemon continues to operate using a snapshot of the pb.settings file that was cached at the time the daemon was started.

Start the GUI by pointing a browser at a machine with the GUI installed and using the appropriate protocol. For example, on a machine called pbguidhost with the GUI running on port 24348 using HTTP, a user would type http://pbguidhost:24348 in the browser.

The GUI user is authenticated by checking the entered user name and password against the Unix/Linux passwords on the host that is running pbguid.

The user is authorized by a request that is sent from pbguid to the policy server pbmasterd with the pbclientname of pbguid and the variables browserip and browserhostname set. The browser variables might reflect the proxy name if the browser uses a proxy to get to the pbguid machine.

The type of requested activity is indicated by arguments that are sent to pbmasterd. These arguments are checked against the policy file to determine if the user is allowed to conduct the activity.

For all activities:

  • The value of the pbclientname variable is set to pbguid.
  • The value of the command variable is set to pbguid.
  • The value of argv[0] is set to pbguid (or the prefix/suffix version of the pbguid command name).

Each activity is identified by the values of argv[1], argv[2], and argv[3], as shown in the following table.

| Activity | argv[1] | argv[2] | argv[3] |
| --- | --- | --- | --- |
| Selecting a file with File Browser | browse | | |
| Viewing an I/O log | iolog | file name of I/O log | |
| Viewing an event log | log | | |
| Updating the settings file | settings | | |
| Updating the GUI Configuration options | defaults | | |
| Accessing the Policy Editor | policy | | |
| Saving a policy file | save | policy file name | |
| Saving a policy file to a different file name | report | new policy file name | original policy file name |
| Accessing the event log reporting pages | report | | |
| Creating a new event log report set | report | edit | |
| Selecting event log fields for a report set | report | select | |
| Editing an existing event log report set | report | edit | report set file name |
| Executing an event log report set | report | exec | report set file name |
| Retrieving information about an event log report set | report | info | report set file name |
| Saving an event log report set | report | save | report set file name |
| Accessing the entitlement reporting pages | entitlement | | |
| Creating a new entitlement report set | entitlement | edit | |
| Editing an existing entitlement report set | entitlement | edit | report set file name |
| Executing an entitlement report set | entitlement | exec | report set file name |
| Retrieving information about an entitlement report set | entitlement | info | report set file name |
| Saving an entitlement report set | entitlement | save | report set file name |
| Access the Task Manager console | | | |

You can distinguish the activity of accessing the event log reporting pages from the other event log reporting activities by checking the value of argc, which is 2 for the accessing activity and 3 or 4 for the other activities. Use a similar technique to distinguish the activity of accessing the entitlement reporting pages from the other entitlement reporting activities.
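The following policy fragment is an added example, not taken from the product documentation. It uses pbclientname, argc, and argv as described above to give one group full GUI access and a second group read-only access to logs and event log reports. The list names guiadmins and guiauditors and the user names in them are hypothetical, and the fragment assumes the policy language's standard if, in, accept, and reject constructs.

```pbpolicy
/* Added example: least-privilege rules for requests sent by pbguid.
   guiadmins and guiauditors are hypothetical lists; replace the
   members with accounts from your own environment. */
guiadmins   = {"root"};
guiauditors = {"auditor1", "auditor2"};

if (pbclientname == "pbguid") {

    /* Administrators may perform every GUI activity, including
       settings, defaults, policy, and save. */
    if (user in guiadmins) {
        accept;
    }

    /* Auditors get read-only activities. argv[1] is only examined
       when argc shows that it is present. */
    if (user in guiauditors) {
        if (argc >= 2) {

            /* Viewing an event log or an I/O log. */
            if (argv[1] == "log" || argv[1] == "iolog") {
                accept;
            }

            if (argv[1] == "report") {
                if (argc == 2) {
                    /* argc is 2: opening the reporting pages. */
                    accept;
                } else {
                    /* argc is 3 or 4: allow running and inspecting a
                       report set, but not edit, select, or save. */
                    if (argv[2] == "exec" || argv[2] == "info") {
                        accept;
                    }
                }
            }
        }
    }

    /* Every other GUI request, from any user, is refused. */
    reject;
}
```

Because the block ends in an unconditional reject, any activity that is not listed (for example settings, policy, or save for an auditor) is denied by default rather than falling through to later policy.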

  • Version 3.5 and earlier: long command options not supported.
  • Version 4.0 and later: long command options supported.
pbguid [options]
   -d, --daemon
   -e, --error_log=log_file
   -f, --foreground
   -p, --port=port_number
   -S, --secure
pbguid -v | --version
pbguid --help
-e, --error_log=log_file

Optional. Specifies a diagnostic log.

-S, --secure

Optional. Uses HTTPS rather than HTTP as the protocol. This option provides a more secure mode of operation.

In version 6.0 and later, the --https long command option is no longer valid. Use --secure instead.

-d, --daemon

Optional. Run as a stand-alone daemon instead of from inetd or xinetd. This option can be specified only with the port number. For example:

pbguid -d -p

-f, --foreground

Run as a foreground job instead of forking and dissociating from the current job. This is most useful for running pbguid from inittab.

-p, --port=port_number

Optional. Listens to the specified port, instead of the default, when running as a stand-alone daemon. This option requires -d.

-v, --version

Optional. Displays the pbguid version and exits.

--help

Displays the pbguid help message and exits.

  • Privilege Management for Unix and Linux settings file.
  • Privilege Management for Unix and Linux configuration file.

For more information, please see the following: