reject Statement

  • Version 4.0 and earlier: reject statements do not support ACL.
  • Version 5.0 and later: reject statements support ACL.

Description

The reject statement immediately terminates security policy file checking and cancels the current job request without allowing it to execute. Depending on the parameters that are selected, the user sees the default message, a custom reject message, or no message.

In Endpoint Privilege Management for Unix and Linux 5.0, the Endpoint Privilege Management for Unix and Linux policy language was extended to include an Access Control List structure. This structure extends the accept statement to provide a simple nonprogrammatic way of entering access data.

Syntax

Version 4.0 and earlier:

reject ["reject-text"];

Version 5.0 and later:

reject ["reject-text"] [from ["user"][, ["submithost"]
[, ["command"][, ["runhost"]]]]]
[when conditional-expression];

  • reject-text is the text to display to the user.
  • user is a user name, list of user names, or left blank to imply any user.
  • submithost is a submit host name, list of submit hosts, or left blank to imply any submit host.
  • command is a command, list of commands, or left blank to imply any command.
  • runhost is a run host, list of run hosts, or left blank to imply any run host.
  • conditional-expression is an expression that evaluates true or false.

reject Statement Display Text

The reject statement has an optional reject-text expression in its argument. The meaning of the expression is as follows:

  • blank: Not specifying a parameter results in the display of the default "request rejected by Policy Server…" message.
  • "": An empty string suppresses the default "request rejected by Policy Server…" message.
  • "string": Replaces the default "request rejected by Policy Server…" message with a message specified by string.

Examples

Version 4.0 and earlier:

if (user == "User1") reject;

If the current user is User1, reject the task request and immediately terminate security policy file processing.

reject;

The reject statement has no parameter, causing the default "request rejected by Policy Server…" message to appear.

reject "";

The reject statement is used with the null ("") argument, which suppresses the default "request rejected by Policy Server…" message.

reject "You may not do that";

The reject statement is used with the string parameter "You may not do that", so the message "You may not do that" is displayed.

Version 5.0 and later:

reject from "user4";

Reject all commands from user4, from any submit host, and for any run host.

reject when timebetween (1700, 900);

Reject all commands, from any user and any submit host, and for any run host, when the time is between 5:00 P.M. and 9:00 A.M.

reject "Permission denied" from {"user5", "user6"},,, "host5";

Reject all commands from user5 or user6, from any submit host, for run host host5, with the display message Permission denied.
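The positional matching of the version 5.0 syntax and the three reject-text cases, modelled in Python as an added example (not product code and not part of the original page). The Reject class, field_matches, and the timebetween stand-in are hypothetical names; exact string matching and a start-inclusive, end-exclusive time window that wraps past midnight are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Optional, Sequence, Union

# Default message text as the page gives it (elided there, kept elided here).
DEFAULT_MESSAGE = "request rejected by Policy Server…"
Field = Union[None, str, Sequence[str]]  # None models a blank positional field

def field_matches(field: Field, value: str) -> bool:
    """Blank implies any value; otherwise exact match against a name or list (assumed)."""
    if field is None:
        return True
    return value == field if isinstance(field, str) else value in field

def timebetween(start: int, end: int) -> Callable[[int], bool]:
    """Hypothetical stand-in for a when-condition on HHMM clock values.
    Assumed start-inclusive, end-exclusive; start > end wraps past midnight."""
    def check(hhmm: int) -> bool:
        if start <= end:
            return start <= hhmm < end
        return hhmm >= start or hhmm < end
    return check

@dataclass
class Reject:
    text: Optional[str] = None  # None: default message, "": suppressed
    user: Field = None
    submithost: Field = None
    command: Field = None
    runhost: Field = None
    when: Optional[Callable[[int], bool]] = None

    def evaluate(self, user, submithost, command, runhost, hhmm):
        """Return (rejected, message shown to the user or None)."""
        hit = (field_matches(self.user, user)
               and field_matches(self.submithost, submithost)
               and field_matches(self.command, command)
               and field_matches(self.runhost, runhost)
               and (self.when is None or self.when(hhmm)))
        if not hit:
            return (False, None)
        if self.text is None:
            return (True, DEFAULT_MESSAGE)
        return (True, self.text or None)

# The three version 5.0 examples from the page, rebuilt in the model.
RULE_USER4 = Reject(user="user4")
RULE_NIGHT = Reject(when=timebetween(1700, 900))
RULE_HOST5 = Reject("Permission denied", user=["user5", "user6"], runhost="host5")
```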

For more information, see accept Statement.