How the Provided selang Exit Script Works

CA ControlMinder provides a script that you can use as a master script to call other programs according to the nature and status of the current selang command. The exit script that is supplied as part of CA ControlMinder is ACInstallDir/exits/lang_exit.sh (where ACInstallDir is the CA ControlMinder installation directory.) Here is how it works:
cminder12901
CA ControlMinder provides a script that you can use as a master script to call other programs according to the nature and status of the current selang command. The exit script that is supplied as part of CA ControlMinder is
ACInstallDir
/exits/lang_exit.sh (where
ACInstallDir
is the CA ControlMinder installation directory.) Here is how it works:
  1. CA ControlMinder automatically gives values to three parameters of the script.
Parameter
Possible Values
CLASS
USER | GROUP
ACTION
CREATE | MODIFY | DELETE
STAGE
PRE | POST
The parameters indicate whether CA ControlMinder is dealing with a user or a group; whether the user or group is being created, deleted, or modified; and whether the selang command is about to be executed (PRE) or has just been executed (POST).
The script can pass the parameter values to programs that it calls.
Parameter
Possible Values
EXEC_RV
Receives the return value of a UNIX command that you use to determine whether the exit command succeeded or failed.
For PRE commands, the value is always zero. For POST commands, you can use the value to decide whether to run or skip an exit.
For an example of how to use this parameter, locate
ACInstallDir
/samples/exits_src
  1. Using the CLASS and STAGE parameters, CA ControlMinder looks for programs in the appropriate directory:
    ACInstallDir/exits/USER_PRE/ ACInstallDir/exits/USER_POST/ ACInstallDir/exits/GROUP_PRE/ ACInstallDir/exits/GROUP_POST/
  2. In the appropriate directory, CA ControlMinder selects all the programs that have file names that begin with a capital S, refer to the appropriate action, and have the following format:
    Snnaction_string
    Where
    nn
    is a two-digit decimal number defining the order of the program in the execution sequence,
    action
    is one of CREATE, MODIFY, or DELETE, and
    string
    is a descriptive string.
  3. CA ControlMinder runs all the appropriate programs according to the numerical order of the second and third characters of their names.
Example: UNIX Exit Script
You are going to delete a user, and the directory
ACInstallDir
/exits/USER_PRE/ includes the following files:
  • S10CREATE_precustom.sh
  • S10DELETE_precustom.sh
  • S99DELETE_prermusrdir.sh
When you issue the command to delete the user, the first program is not run because you are deleting and not creating a user. The second and then the third programs are run in that order based on the two digits after the initial S.