lang
In the [lang] section, the tokens specify the attributes used by the selang command language programs: selang, Security Administrator, and seadm.
- check_password
  Determines whether selang requests users to specify their own passwords.
  Valid values include:
    no - selang does not require any passwords.
    yes - Users are prompted to enter their passwords.
  Default: no
- exit_timeout
  Specifies the maximum time, in seconds, that the exit program is allowed to execute. After this time has passed, the exit program is killed.
  Default: 30
- exits_dir
  Specifies the target directory where exits are installed by the ACInstallDir/lbin/install_exits.sh shell script.
  Default: ACInstallDir/exits
- exits_source_dir
  Specifies the source directory of the exits to be installed by the ACInstallDir/install_exits.sh shell script.
  Default: ACInstallDir/samples/exits-src
- help_path
  Specifies the directory in which lang help files are located.
  Default: ACInstallDir/data/langhelp
- HNODE_max_events
  Specifies the maximum number of health status events that the HNODE record writes. If events exceed the configured maximum number, then the oldest events are removed.
  Default: 10
- language
  Defines the language Privileged Access Manager installs in (for internal use).
  Default: english
- max_groups_buffsize
  Specifies the buffer size, in KB, that the security administrator uses when communicating with the database. This token is used when a UNIX update needs to be applied.
  Default: 128
- no_check_password_users
  Specifies users who are not asked to enter their passwords. This token is relevant only if the token check_password is set to yes.
  Valid values include a list of users separated by commas.
  Default: none
- passwd_copy
  Specifies how the password file (/etc/passwd) or PMDB password file (/PMDB_Directory/policies/pmdb/passwd) is updated when you copy the temporary file back to the original after changing user information.
  Valid values include:
    fast_copy - Copies information over the file.
    rename - Changes the directory to point to the new file.
  Default: fast_copy
- post_group_exit
  Specifies the path of the exit program to be called after a group command is executed in the UNIX environment.
  Default: ACInstallDir/exits/lang_exit.sh
- post_user_exit
  Specifies the path of the exit program to be called after a user command is executed in the UNIX environment.
  Default: ACInstallDir/exits/lang_exit.sh
- pre_group_exit
  Specifies the path of the exit program to be called before a group command is executed in the UNIX environment.
  Default: ACInstallDir/exits/lang_exit.sh
- pre_user_exit
  Specifies the path of the exit program to be called before a user command is executed in the UNIX environment.
  Default: ACInstallDir/exits/lang_exit.sh
- query_size
  Specifies the maximum number of records to be listed in a database query.
  Default: 100
- RecvTimeOut
  Specifies the maximum time, in seconds, that selang waits to receive information before timing out. If you set the value to 0, there is no time-out.
  Default: 60
- SendTimeOut
  Specifies the maximum time, in seconds, that selang waits to send information before timing out. If you set the value to 0, there is no time-out.
  Default: 60
- SetBlockRun
  Specifies whether to check if a program is trusted and block the execution of untrusted programs. The execution blocking is performed regardless of whether the program is a setuid or a regular program.
  Valid values include the following:
    yes - All programs that are defined with viapgm authorization rules have the blockrun property set to yes.
    no - All programs that are defined with viapgm authorization rules have the blockrun property set to no.
    suid - All setuid programs have the blockrun property set to yes, and all other programs have the blockrun property set to no.
  Default: yes
- swap_deletion_order
  Defines the order in which the "ru userName unix" command (user deletion) is executed in selang. Typically, this command is first executed in the AC environment, and then in the UNIX environment. In some cases (for example, a group administrator deleting a user) you may want to reverse this order.
  Valid values are:
    no - Remove the user from the AC environment before the UNIX environment.
    yes - Remove the user from the UNIX environment before the AC environment.
  Default: no
- timeout
  Specifies the maximum time, in seconds, the client waits for the seosd daemon to respond. If seosd does not respond within this period, an error message is sent noting that seosd is not responding. The client then stops trying to connect to seosd.
  Default: 90
- use_old_commands
  Specifies whether to disable old ACF2 compatibility commands (ag, lg, rg, lu, au, and so on).
  Limits: 0 (do not support old commands), 1 (support old commands)
  Default: 1 (support old commands)
- use_unix_file_owner
  Specifies whether a UNIX owner of a file can define the file. If the value is yes, an owner of a file in UNIX can define it using the newres or newfile command. If the file is already defined, the user cannot change its parameters in the database unless the user is allowed to do so according to the normal authorization rules.
  Valid values are yes and no.
  Default: no
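
The following check of a [lang] section against the values documented above is an added example, not code shipped with the product. It assumes the configuration file uses INI syntax (`token = value`); the function name `audit_lang`, the `/opt/example` installation directory, the sample settings, and the review criteria marked in the comments are constructed for illustration.

```python
import configparser
import posixpath
# Valid values and defaults, taken from the token list above.
ENUMS = {
    "check_password": ({"yes", "no"}, "no"),
    "passwd_copy": ({"fast_copy", "rename"}, "fast_copy"),
    "SetBlockRun": ({"yes", "no", "suid"}, "yes"),
    "swap_deletion_order": ({"yes", "no"}, "no"),
    "use_old_commands": ({"0", "1"}, "1"),
    "use_unix_file_owner": ({"yes", "no"}, "no"),
}
SECONDS = {"exit_timeout": "30", "RecvTimeOut": "60", "SendTimeOut": "60", "timeout": "90"}
EXITS = ("pre_user_exit", "post_user_exit", "pre_group_exit", "post_group_exit")

def audit_lang(ini_text, install_dir="ACInstallDir"):
    """Return sorted (token, message) findings for the [lang] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep token case: SetBlockRun, RecvTimeOut, ...
    cp.read_string(ini_text)  # assumption: INI syntax, "token = value"
    lang = dict(cp["lang"]) if cp.has_section("lang") else {}
    get = lambda token, default: lang.get(token, default).strip()
    out = []
    for token, (valid, default) in ENUMS.items():
        if get(token, default) not in valid:
            out.append((token, "not a documented value"))
    for token, default in SECONDS.items():
        value = get(token, default)
        if not value.isdigit():
            out.append((token, "not a whole number of seconds"))
        elif value == "0" and token in ("RecvTimeOut", "SendTimeOut"):
            out.append((token, "0 means there is no time-out"))
    if get("check_password", "no") != "yes" and "no_check_password_users" in lang:
        out.append(("no_check_password_users", "ignored unless check_password is yes"))
    # The checks below are review criteria chosen for this example.
    if get("SetBlockRun", "yes") in ("no", "suid"):
        out.append(("SetBlockRun", "blockrun is not yes for every viapgm-defined program"))
    exits_dir = posixpath.normpath(get("exits_dir", install_dir + "/exits"))
    for token in EXITS:
        if token in lang and posixpath.dirname(posixpath.normpath(get(token, ""))) != exits_dir:
            out.append((token, "exit program is outside exits_dir"))
    return sorted(out)
# Constructed sample, not taken from a real installation.
SAMPLE = """[lang]
check_password = no
no_check_password_users = root,operator
RecvTimeOut = 0
SetBlockRun = suid
pre_user_exit = /tmp/lang_exit.sh
"""
```

Calling `audit_lang(SAMPLE, "/opt/example")` reports four tokens: RecvTimeOut, SetBlockRun, no_check_password_users, and pre_user_exit.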