How the selang Exit Script Works
Privileged Access Manager Server Control provides a script that you can use as a master script to call other programs according to the nature and status of the current selang command. The exit script that is supplied as part of Privileged Access Manager Server Control is ACInstallDir/exits/lang_exit.sh (where ACInstallDir is the Privileged Access Manager Server Control installation directory). Here is how it works:

- Privileged Access Manager Server Control automatically gives values to three parameters of the script.

| Parameter | Possible Values |
| --- | --- |
| CLASS | USER, GROUP |
| ACTION | CREATE, MODIFY, DELETE |
| STAGE | PRE, POST |

The parameters indicate whether Privileged Access Manager Server Control is dealing with a user or a group; whether the user or group is being created, deleted, or modified; and whether the selang command is about to be executed (PRE) or has just been executed (POST). The script can pass the parameter values to programs that it calls.

| Parameter | Possible Values |
| --- | --- |
| EXEC_RV | Receives the return value of a UNIX command that you use to determine whether the exit command succeeded or failed. For PRE commands, the value is always zero. For POST commands, you can use the value to decide whether to run or skip an exit. For an example of how to use this parameter, locate ACInstallDir/samples/exits_src. |

- Using the CLASS and STAGE parameters, Privileged Access Manager Server Control looks for programs in the appropriate directory:
  - ACInstallDir/exits/USER_PRE/
  - ACInstallDir/exits/USER_POST/
  - ACInstallDir/exits/GROUP_PRE/
  - ACInstallDir/exits/GROUP_POST/
- In the appropriate directory, Privileged Access Manager Server Control selects all the programs that have file names that begin with a capital S, refer to the appropriate action, and have the following format: Snnaction_string, where nn is a two-digit decimal number defining the order of the program in the execution sequence, action is one of CREATE, MODIFY, or DELETE, and string is a descriptive string.
- Privileged Access Manager Server Control runs all the appropriate programs according to the numerical order of the second and third characters of their names.

Example: UNIX Exit Script
You are going to delete a user, and the directory ACInstallDir/exits/USER_PRE/ includes the following files:
- S10CREATE_precustom.sh
- S10DELETE_precustom.sh
- S99DELETE_prermusrdir.sh
When you issue the command to delete the user, the first program is not run because you are deleting and not creating a user. The second and then the third programs are run in that order based on the two digits after the initial S.
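
To review which exit programs a given selang command would trigger, the selection and ordering rule described above can be reproduced in a few lines of shell. This is an added example, not the product's lang_exit.sh; the function name `list_exits` and its argument order are assumptions, and files sharing the same two-digit number are ordered by name here because the page does not define tie-breaking.

```shell
#!/bin/sh
# Added example (not the product's lang_exit.sh): lists, in execution order,
# the exit programs that the naming rule on this page selects.
# Usage: list_exits BASE CLASS ACTION STAGE
#   BASE is the exits directory (ACInstallDir/exits on a real system).
list_exits() {
    base=$1 class=$2 action=$3 stage=$4

    # Reject values outside the documented parameter sets.
    case $class in USER|GROUP) ;; *) echo "bad CLASS: $class" >&2; return 2 ;; esac
    case $action in CREATE|MODIFY|DELETE) ;; *) echo "bad ACTION: $action" >&2; return 2 ;; esac
    case $stage in PRE|POST) ;; *) echo "bad STAGE: $stage" >&2; return 2 ;; esac

    dir=$base/${class}_${stage}
    [ -d "$dir" ] || return 0      # no directory, so nothing would run

    # Snnaction_string: capital S, two decimal digits, the action, "_", text.
    for f in "$dir"/S[0-9][0-9]"${action}"_*; do
        [ -f "$f" ] || continue    # skips the unexpanded pattern and non-files
        basename "$f"
    done | LC_ALL=C sort           # two-digit prefix: byte order equals numeric order
}

# When invoked with four arguments, print the list for that command.
if [ "$#" -eq 4 ]; then
    list_exits "$@"
fi
```

Called as `list_exits ACInstallDir/exits USER DELETE PRE` against the directory in the example above, it prints S10DELETE_precustom.sh followed by S99DELETE_prermusrdir.sh.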