Anonymous_User Absent Member.
Absent Member.
669 views

pcksh and cpcksh switch


Hi All
I am reading admin auide, and I know NPUM has 3 methods to control
user ...(1)use usrun command(2)use pcksh(3)use cpcksh
I have tested compledte about usrun command...but I want to test to let
all users's shell switch to use pcksh or cpcksh...I have create 2
command rules for pcksh / cpcksh....but I do not know make use login to
server , the deault shell is pcksh or cpcksh.
Besides, How to verify user's shell indeed use pcksh or cpcksh?? use
"echo $SHELL" ? if it will return "pcksh" or "cpcksh" message ?

thanks!!

wyldkao


--
wyldkao
------------------------------------------------------------------------
wyldkao's Profile: https://forums.netiq.com/member.php?userid=1688
View this thread: https://forums.netiq.com/showthread.php?t=49150

0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: pcksh and cpcksh switch

On 11/05/2013 09:06 PM, wyldkao wrote:
>
> Hi All
> I am reading admin auide, and I know NPUM has 3 methods to control
> user ...(1)use usrun command(2)use pcksh(3)use cpcksh
> I have tested compledte about usrun command...but I want to test to let
> all users's shell switch to use pcksh or cpcksh...I have create 2
> command rules for pcksh / cpcksh....but I do not know make use login to
> server , the deault shell is pcksh or cpcksh.
> Besides, How to verify user's shell indeed use pcksh or cpcksh?? use
> "echo $SHELL" ? if it will return "pcksh" or "cpcksh" message ?


Controlling which shell a user loads by default on login is up to the
Linux/Unix system. Normally this is in the /etc/passwd file, and yes you
can see which one it is by looking at the logged-in user's shell command,
or by looking t the output of `getent passwd userNameHere` on most systems
which will also show you users that come from systems other than the
/etc/passwd file.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: pcksh and cpcksh switch


DON'T CHANGE USERS SHELL TO PCKSH EVER.

For *individual commands AND invoking a Privileged shell, (pcksh) users
use 'usrun' *

For example: Users invoke a Privileged shell with usrun, such as 'usrun
-u root pcksh'

For this 'usrun' to authothorize you would need to set up a Command and
a Rule.

Example Command: pcksh
Commands:
/usr/bin/pcksh
pcksh

Rewrite:
/usr/bin/pcksh -o audit 1

Example Rule: pcksh as root

Begin Rule: pcksh as root
If (command IN pcksh AND (user IN Security Admins))
Then
Set Authorize: yes
Set Session Capture: yes
Set runUser = "root"
Stop if authorized
End If
End Rule: pcksh as root



TO INVOKE THE CPCKSH SHELL

You change the users shell to cpcksh (/usr/bin/cpcksh) in the
/etc/passwd, however you need a matching rule that will authorize the
shell (upon login)

Example Command: cpcksh to bash
Commands:
-cpcksh

Rewrite:
/bin/bash

Example Rule:
Begin Rule: cpcksh to bash
If ((command IN cpcksh to bash))
Then
Set Authorize: yes
Set Session Capture: yes
Stop if authorized
End If
End Rule: cpcksh as login shell


Note: If Command Control is NOT available, users with their shell
changed to cpcksh will NOT be able to login. The cpcksh shell is a
shell that does NOT grant additinonal rights, as seen in the example
above. It's meant for a monitoring normal users shell.


--
deni
------------------------------------------------------------------------
deni's Profile: https://forums.netiq.com/member.php?userid=1793
View this thread: https://forums.netiq.com/showthread.php?t=49150

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.