This run variable does not apply to pbssh. If it is present in the policy, it does not have any effect on pbssh and is ignored.
Boolean. localmode is read-only. runlocalmode is modifiable.
The localmode and runlocalmode variables indicate if the submitting user specified that the current task request run in local mode. When a task runs in local mode, pbmasterd returns control to pbrun rather than pblocald. After the task is accepted, pbrun replaces itself with the current task request. The result is that localmode cannot be used with Advanced Control and Audit (ACA), and the current task request is processed without the benefit of any further event logging (the exit status is not logged) or keystroke actions.
Regarding pbrun, the localmode mechanism is deprecated in favor of Optimized Run Mode, in which all features are available.
The Privilege Management shells pbsh and pbksh normally operate in localmode. This can be disabled by setting runlocalmode=false.
Privilege Management for Unix and Linux sets the localmode variables when the user executes pbrun with a -l switch, or when the runlocalmode variable is set to true in the policy.
runlocalmode = boolean;
|true||Run local mode. The default value is true if pbrun –l is used, false otherwise.|
|false||Disable local mode.|
localmode is a read-only variable with a value of true if pbrun –l is used, false otherwise.
runlocalmode defaults to localmode. If the allowlocalmode setting is false, then runlocalmode is set to read-only and has a value of false.
runlocalmode = false;
For more information, please see the following:
- pblocald in the Privilege Management for Unix and Linux Administration Guide.
- Task Submission - pbrun
- allowlocalmode in the Privilege Management for Unix and Linux Administration Guide.