Always check the syntax of a security policy file before putting it into production. If a request encounters a security policy file syntax error, then the task that causes the error is immediately rejected. The Reject event is logged in the Privilege Management for Unix and Linux event log.
Syntax checking is done with pbcheck, a Privilege Management for Unix and Linux utility program. It performs two functions:
- Security policy file syntax validation
- Simulates security processing for test task requests to determine if that task request would be accepted or rejected during production processing
For more information on how to use pbcheck, please see the Privilege Management for Unix and Linux Administration Guide.
Policies can be debugged via the pbadmin --poldbg command.
For more information, please see the Privilege Management for Unix and Linux Administration Guide.