It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all the other self support options and support programs available. - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://forums.novell.com)
While you can change the users login shell to cpcksh (our non-privileged shell) you'd have to create a rule within the Command Control console to authorize this shell. A very simple rule would look like the following:
Begin Rule: cpcksh If ((command IN Cpcksh)) Then Set Authorize: yes Set Session Capture: yes Stop if authorized End If End Rule: cpcksh
This would give the user a audited shell, but does NOT grant any additional privileges. If login as 'brett' - I still have 'brett's rights, no more.
If you are trying to grant someone a root shell, you'll want to look at pcksh. I wouldn't recommend to change the users login shell to pcksh, but to use 'usrun' to invoke the shell when needed.
The way NPUM works is that you invoke commands using 'usrun' which then sends the command, username, hostname and other environmental information to the Command Control Manager (and Command Control rules you've configured). We start at the top of the rules and run through all of them until we either match or are told to stop.
If you are wanting a non-privileged user to 'become root' then you'd create a rule that allowed the user to do so.
For example, here's a sample rule.
Begin Rule: pcksh as root If ((command IN pcksh) AND (user IN Priviledged)) Then Set Authorize: yes Set Session Capture: yes Set runUser = "root" Stop if authorized End If End Rule: pcksh as root
From the agent, you'd then run 'usrun pcksh' or 'usrun -u root pcksh' As long as the submit user (the user you are currently logged in as) is in the "Privileged" Group, we should match this rule and start a Privileged pcksh shell that is audited.
Hope this helps.
rajeshemailto;12641 Wrote: > I have installed PUM 2.3.1