Begin Rule :EAC Rule
  IF ((command IN Cpcksh shell login)) THEN
    Set Authorize : yes
    Set Session Capture : yes
    Set Script : Enhanced Access Control Policy(
      policy:
      path default read:l!all
      path /bin/* exec:!all
      path /var/**/* !read:log=9
      path/var/* !read:log=9
      path /var/** !read:log=9)
  END IF
END RULE :EAC Rule
The command "Cpcksh shell login" is -cpcksh -crush
I log in with "putty" and then switch to another user, but all users can perform "ls -la /var/"
Just to be sure, do all of your users have 'cpcksh' as their login shell? If they are not within that environment, then they will not be constrained by PUM, and normally /var is a public directory at least to list at that top level, so what you see would be expected in that case.
-- Good luck.
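One way to run the check the reply asks about, as an added example that is not part of the original thread: it reads passwd-format lines and lists every account that can open an interactive session with a login shell other than cpcksh. The function names and the sample accounts are constructed, and the cpcksh path in the sample is an assumption; the match is on the shell's file name only.

```shell
#!/bin/sh
# Added example: find accounts that would not start inside cpcksh.
# Input: passwd-format lines (name:pw:uid:gid:gecos:home:shell) on stdin.
# Output: "user<TAB>shell" for each account whose login shell is not cpcksh.
non_pum_shells() {
    awk -F: '
        /^#/ || NF < 7 { next }                 # skip comments and malformed lines
        {
            shell = $7
            if (shell == "") shell = "/bin/sh"  # empty field means the system default shell
            n = split(shell, parts, "/")
            base = parts[n]
            # Accounts that cannot open an interactive session are not relevant here.
            if (base == "nologin" || base == "false") next
            if (base != "cpcksh") printf "%s\t%s\n", $1, shell
        }'
}

# Constructed sample data; /usr/bin/cpcksh is an assumed install path.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/sbin/nologin
alice:x:1000:100:Alice:/home/alice:/usr/bin/cpcksh
bob:x:1001:100:Bob:/home/bob:/bin/bash
carol:x:1002:100:Carol:/home/carol:
EOF
}

# Demonstration on the sample: root, bob and carol are reported.
sample_passwd | non_pum_shells
```

On a real host, feed it the live account database with `getent passwd | non_pum_shells`; any user listed there who can be reached with a user switch gets an ordinary shell rather than the cpcksh session the rule matches on.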