How the Provided selang Exit Script Works
Privileged Identity Manager provides a script that you can use as a master script to call other programs according to the nature and status of the current selang command. The exit script supplied with Privileged Identity Manager is ACInstallDir/exits/lang_exit.sh, where ACInstallDir is the Privileged Identity Manager installation directory. Here is how it works:
- Privileged Identity Manager automatically gives values to three parameters of the script.
Parameter | Possible Values |
CLASS | USER, GROUP |
ACTION | CREATE, MODIFY, DELETE |
STAGE | PRE, POST |
The parameters indicate whether Privileged Identity Manager is dealing with a user or a group; whether the user or group is being created, deleted, or modified; and whether the selang command is about to be executed (PRE) or has just been executed (POST).
The script can pass the parameter values to programs that it calls.
Parameter | Possible Values |
EXEC_RV | Receives the return value of a UNIX command that you use to determine whether the exit command succeeded or failed. For PRE commands, the value is always zero. For POST commands, you can use the value to decide whether to run or skip an exit. For an example of how to use this parameter, locate ACInstallDir/samples/exits_src |
- Using the CLASS and STAGE parameters, Privileged Identity Manager looks for programs in the appropriate directory:
ACInstallDir/exits/USER_PRE/
ACInstallDir/exits/USER_POST/
ACInstallDir/exits/GROUP_PRE/
ACInstallDir/exits/GROUP_POST/
- In the appropriate directory, Privileged Identity Manager selects all the programs that have file names that begin with a capital S, refer to the appropriate action, and have the following format:
Snnaction_string
Where nn is a two-digit decimal number defining the order of the program in the execution sequence, action is one of CREATE, MODIFY, or DELETE, and string is a descriptive string.
- Privileged Identity Manager runs all the appropriate programs according to the numerical order of the second and third characters of their names.
Example: UNIX Exit Script
You are going to delete a user, and the directory ACInstallDir/exits/USER_PRE/ includes the following files:
- S10CREATE_precustom.sh
- S10DELETE_precustom.sh
- S99DELETE_prermusrdir.sh
When you issue the command to delete the user, the first program is not run because you are deleting and not creating a user. The second and then the third programs are run in that order based on the two digits after the initial S.
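The selection and ordering rule described above can be reproduced to preview which exit programs would run for a given CLASS, STAGE, and ACTION. The following shell functions are an added example, not lang_exit.sh or any code shipped with the product; the function names, the OK/WRITABLE output, and the check that flags programs that group or others can modify are assumptions of this example.

```shell
#!/bin/sh
# Added example, not lang_exit.sh: mirrors the selection rule documented above.

# list_exits EXITS_DIR CLASS STAGE ACTION
# Prints the programs named Snn<ACTION>_<string> in EXITS_DIR/<CLASS>_<STAGE>,
# ordered by the two digits after the initial S.
list_exits() {
    dir="$1/${2}_${3}"
    [ -d "$dir" ] || return 0
    for f in "$dir"/S[0-9][0-9]"$4"_*; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal; skip it
        basename "$f"
    done | LC_ALL=C sort
}

# audit_exits EXITS_DIR CLASS STAGE ACTION
# Prefixes each selected program with WRITABLE when group or others can
# modify it, otherwise with OK. Returns 1 if any program is WRITABLE.
audit_exits() {
    rc=0
    while IFS= read -r name; do
        [ -n "$name" ] || continue       # empty list yields one blank line
        path="$1/${2}_${3}/$name"
        if [ -n "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $name"; rc=1
        else
            echo "OK $name"
        fi
    done <<EOF
$(list_exits "$@")
EOF
    return "$rc"
}

# Constructed sample tree using the file names from the example on this page.
demo_root=$(mktemp -d)
mkdir "$demo_root/USER_PRE"
for n in S10CREATE_precustom.sh S10DELETE_precustom.sh S99DELETE_prermusrdir.sh; do
    : > "$demo_root/USER_PRE/$n"; chmod 755 "$demo_root/USER_PRE/$n"
done
chmod 777 "$demo_root/USER_PRE/S99DELETE_prermusrdir.sh"   # constructed weak mode
audit_exits "$demo_root" USER PRE DELETE || echo "review the WRITABLE entries"
rm -rf "$demo_root"
```

To check a real installation, pass the exits directory (ACInstallDir/exits) as the first argument in place of the constructed tree.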