Privilege Management for Unix and Linux Language Guide
This guide provides detailed information regarding the security policy file programming language for the BeyondTrust Privilege Management for Unix and Linux software. This language is used to create security policy files that are used by Privilege Management for Unix and Linux to:
- Control the tasks a user or group of users may perform
- Control the systems from which a task may be submitted
- Control the systems from which a task may be run
- Determine when a specific task may be run (day and time)
- Determine where a task may be run from
- Determine if secondary security checks, such as passwords or checksums, are required to run a task
- Determine if one or more supplemental security programs are run before a task is started
This guide assumes that the user has a basic understanding of Unix or Linux system administration and some experience with a scripting or other computer language. We recommend that you have experience in these areas before you attempt to create or modify security policy files.
Privilege Management for Unix and Linux refers to the product formerly known as PowerBroker for Unix and Linux.
Specific font and line spacing conventions are used to ensure readability and to highlight important information, such as commands, syntax, and examples.
Sample Policy Files
When you install Privilege Management for Unix and Linux , you can choose to copy sample Privilege Management for Unix and Linux policy files to the installation host. These sample policy files include detailed explanations of what they do. You can use these files to learn how policy files are typically written for various scenarios. The directory that these sample files are copied to is determined by the GUI library directory option that you specify during installation. By default, this directory is /usr/local/lib/pbbuilder. A readme_samples text file in that directory includes a brief description of each sample file.