Privilege Management for Unix and Linux Diagnostic Messages Reference

This guide provides detailed information regarding the security policy file programming language for BeyondTrust Privilege Management for Unix and Linux as well as a comprehensive diagnostic message list. The Privilege Management for Unix and Linux suite includes:

  • Privilege Management for Unix and Linux
  • Privilege Management for Networks
  • Privilege Management for Unix and Linux, Essentials Edition

This language is used to create security policy files to control tasks and systems. You can control:

  • The task a user or group of users may perform
  • The systems a task may be submitted from
  • The systems from which a task can be run
  • When a specific task may be run (day and time)
  • Where a task may be run from
  • When and if secondary security checks (passwords and checksums) are required to run a task
  • When and if supplemental security programs are run before a task is started


We assume the reader has a basic understanding of Unix or Linux system administration as well as experience working with a scripting (or equivalent) language. We recommend that you have experience in these areas before you attempt to create or modify security policy files.

Specific font and line-spacing conventions are used to assist with readability and to highlight important information, such as commands, syntax, and examples. The line-spacing of commands, syntax, examples, and code may vary from actual Windows and Unix and Linux usage due to space limitations. For example, if a single line does not fit within the text margins, the text may be displayed on two lines with the second line indented.

For more information about licensing and installation, please see the Privilege Management for Unix and Linux Installation Guide.

Sample Policy Files

When Privilege Management for Unix and Linux is installed, you can choose to copy sample policy files to the installation host. These sample policy files include detailed explanations of their function, and you can use these files to learn how policy files are typically written for various scenarios. The directory where the sample files are copied to is determined by the GUI library directory option you specify during installation. By default, this directory is /usr/local/lib/pbbuilder. A readme_samples text file is available in the directory and includes a brief description of each sample file.