Privilege Management for Unix and Linux User Interface Guide

This guide provides detailed information regarding the user interface for the BeyondTrust Privilege Management for Unix and Linux software. This interface is used to:

  • Control the tasks a user or group of users may perform
  • Control the systems from which a task may be submitted
  • Control the systems from which a task may be run
  • Determine when a specific task may be run (day and time)
  • Determine where a task may be run from
  • Determine if secondary security checks, such as passwords or checksums, are required to run a task
  • Determine if one or more supplemental security programs are run before a task is started

This guide assumes that the user has a basic understanding of Unix or Linux system administration and some experience with a scripting or other computer language. We recommend that you have experience in these areas before you attempt to create or modify security policy files.

Privilege Management for Unix and Linux refers to the product formerly known as PowerBroker for Unix and Linux.

Specific font and line spacing conventions are used to ensure readability and to highlight important information, such as commands, syntax, and examples.

Sample Policy Files

When you install Privilege Management for Unix and Linux , you can choose to copy sample Privilege Management for Unix and Linux policy files to the installation host. These sample policy files include detailed explanations of what they do. You can use these files to learn how policy files are typically written for various scenarios. The directory that these sample files are copied to is determined by the GUI library directory option that you specify during installation. By default, this directory is /usr/local/lib/pbbuilder. A readme_samples text file in that directory includes a brief description of each sample file.

 

The Privilege Management for Unix and Linux GUI has been deprecated and will soon no longer be supported. To prepare for this change, we recommend switching to and using BeyondInsight for Unix and Linux.