The pbguid command runs the server for the browser-based Privilege Management for Unix and Linux GUI. This program enables you to change settings files, view event and I/O logs (including archived I/O logs), edit policy configuration files, run the event log report writer, and update the GUI configuration. A socket-listener process (typically inetd, xinetd, or pbguid -d -p) starts pbguid.
Changes that are made to the pb.settings file after the daemon is started will not affect the operation of the daemon. If you change the pb.settings file, then you must restart the daemon for the changes to take effect. If you do not restart the daemon, then the daemon continues to operate using a snapshot of the pb.settings file that was cached at the time the daemon was started.
Start the GUI by pointing a browser at a machine with the GUI installed and using the appropriate protocol. For example, on a machine called pbguidhost with the GUI running on port 24348 using HTTP, a user would type http://pbguidhost:24348 in the browser.
The GUI user is authenticated by checking the entered user name and password against the Unix/Linux passwords on the host that is running pbguid.
The user is authorized by a request that is sent from pbguid to the policy server pbmasterd with the pbclientname of pbguid and the variables browserip and browserhostname set. The browser variables might reflect the proxy name if the browser uses a proxy to get to the pbguid machine.
The type of requested activity is indicated by arguments that are sent to pbmasterd. These arguments are checked against the policy file to determine if the user is allowed to conduct the activity.
For all activities:
- The value of the pbclientname variable is set to pbguid.
- The value of the command variable is set to pbguid.
- The value of argv[0] is set to pbguid (or the prefix/suffix version of the pbguid command name).

Each activity is identified by the values of argv[1], argv[2], and argv[3], as shown in the following table.

|Activity|argv[1]|argv[2]|argv[3]|
|---|---|---|---|
|Selecting a file with File Browser|browse|||
|Viewing an I/O log|iolog|file name of I/O log||
|Viewing an event log|log|||
|Updating the settings file|settings|||
|Updating the GUI Configuration options||||
|Accessing the Policy Editor|policy|||
|Saving a policy file|save|policy file name||
|Saving a policy file to a different file name|report|new policy file name|original policy file name|
|Accessing the event log reporting pages|report|||
|Creating a new event log report set|report|edit||
|Selecting event log fields for a report set|report|select||
|Editing an existing event log report set|report|edit|report set file name|
|Executing an event log report set|report|exec|report set file name|
|Retrieving information about an event log report set|report|info|report set file name|
|Saving an event log report set|report|save|report set file name|
|Accessing the entitlement reporting pages|entitlement|||
|Creating a new entitlement report set|entitlement|edit||
|Editing an existing entitlement report set|entitlement|edit|report set file name|
|Executing an entitlement report set|entitlement|exec|report set file name|
|Retrieving information about an entitlement report set|entitlement|info|report set file name|
|Saving an entitlement report set|entitlement|save|report set file name|
|Access the Task Manager|console|||
To distinguish the activity of accessing the event log reporting pages from the other event log reporting activities, check the value of argc: it is 2 for the accessing activity and 3 or 4 for the other activities. Use a similar technique to distinguish the activity of accessing the entitlement reporting pages from the other entitlement reporting activities.
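The argv and argc checks described above can be modelled as a small fail-closed classifier. This is an added example in Python, not Privilege Management policy code and not from the product documentation. The activity labels, the AUDITOR allow-list, and the sample file names are assumptions made for illustration, and any request the sketch does not model is treated as unrecognized and denied.

```python
# Added illustration: classify a pbguid authorization request by argv and argc.
REPORT_SUB = {"edit", "select", "exec", "info", "save"}   # argv[2] for "report"
ENTITLEMENT_SUB = {"edit", "exec", "info", "save"}        # argv[2] for "entitlement"
SIMPLE = {"browse", "iolog", "log", "settings", "policy", "save", "console"}

# Hypothetical read-only role: activity labels below are this example's own names.
AUDITOR = {"log", "iolog", "report:access", "report:exec", "report:info"}


def classify(argv):
    """Return an activity label for the request, or None if it is not recognized."""
    argc = len(argv)
    if not 2 <= argc <= 4 or "pbguid" not in argv[0]:
        return None
    verb = argv[1]
    if verb in ("report", "entitlement"):
        if argc == 2:
            return verb + ":access"          # reporting pages only
        subs = REPORT_SUB if verb == "report" else ENTITLEMENT_SUB
        if argv[2] not in subs:
            return None                      # row not modelled here: fail closed
        if argv[2] == "edit" and argc == 3:
            return verb + ":new"             # "edit" with no file name creates a set
        return verb + ":" + argv[2]
    return verb if verb in SIMPLE else None


def allowed(argv, permitted=AUDITOR):
    """Allow only recognized activities that are on the role's allow-list."""
    activity = classify(argv)
    return activity is not None and activity in permitted


if __name__ == "__main__":
    # Constructed sample requests; the file names are placeholders.
    for req in (["pbguid", "report"],
                ["pbguid", "report", "exec", "weekly.rpt"],
                ["pbguid", "report", "save", "weekly.rpt"],
                ["pbguid", "save", "pb.conf"]):
        print(req, classify(req), "ALLOW" if allowed(req) else "DENY")
```
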
- Version 3.5 and earlier: long command options not supported.
- Version 4.0 and later: long command options supported.
pbguid [options]
    -d, --daemon
    -e, --error_log=log_file
    -f, --foreground
    -p, --port=port_number
    -S, --secure
pbguid -v | --version
pbguid --help
|Option|Description|
|---|---|
|-e, --error_log=log_file|Optional. Specifies a diagnostic log.|
|-S, --secure|Optional. Uses HTTPS rather than HTTP as the protocol. This option provides a more secure mode of operation. In version 6.0 and later, the --https long command option is no longer valid. Use --secure instead.|
|-d, --daemon|Optional. Runs as a stand-alone daemon instead of from inetd or xinetd. This option can be specified only with the port number. For example: pbguid -d -p|
|-f, --foreground|Runs as a foreground job instead of forking and dissociating from the current job. This is most useful when running pbguid from inittab.|
|-p, --port=port_number|Optional. Listens on the specified port, instead of the default, when running as a stand-alone daemon. This option requires -d.|
|-v, --version|Optional. Displays the pbguid version and exits.|
|--help|Displays the pbguid help message and exits.|
- Privilege Management for Unix and Linux settings file.
- Privilege Management for Unix and Linux configuration file.