How to apply the submitUser to the elevated session's environment variables

  • 7016990
  • 15-Nov-2015
  • 20-Nov-2015

Environment

NetIQ Privileged User Manager
NetIQ Privileged Account Manager

Situation

How to apply the submitUser to the elevated session's environment variables
How to configure an environment variable to show the submitUser
How to inject the submit user into an environment variable
How to determine or display the submitUser in or during an elevated session
How to display the user who submitted the command to PAM in an elevated session

Resolution

For details on configuring and applying the sample Change Environment Variables script, see TID 7016983. Instead of importing the sample modify environment script, you can simply create a new script with the following content:
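# Name of the user who submitted the request to PAM.
my $submituser = $meta->child('Passwd')->arg('username');
my $e = $meta->child("Environment");
return(1) if(! $e);

# Read the KEY=VALUE entries already present in the request's Environment node.
# Split on the first '=' so that values containing '=' stay intact.
my $n = $e->node_args();
my %env = ();

while($n) {
    $env{$1} = $2 if($n->key() ne "items" && $n->value() =~ /^([^=]*)=(.*)$/);
    $n = $n->next();
}

# Set submitUser after reading the existing entries, so that a submitUser
# value already present in the environment cannot replace it.
$env{submitUser} = $submituser;

my %keepenv = ();
my $clearenv = 0;

# First pass over the script arguments: clearenv, keepenv and defaultenv.
for(my $a = $args->node_args(); $a; $a = $a->next()) {
    if($a->key() eq "clearenv" && $a->value() > 0) {
        $clearenv = 1;
    } elsif($a->key() eq "keepenv" && $a->value() ne "") {
        $keepenv{$a->value()} = 1;
    } elsif($a->key() eq "defaultenv" && $a->value() >= 0) {
        $meta->child("Job")->arg_int("job_default_env", $a->value());
    }
}

# With clearenv or any keepenv argument, drop every variable that is not
# named by keepenv. This includes submitUser unless it is listed in keepenv.
if(scalar %keepenv || $clearenv) {
    while(my ($key, $val) = each %env) {
        delete $env{$key} if(! $keepenv{$key});
    }
}

# Second pass over the script arguments: unsetenv and setenv.
for(my $a = $args->node_args(); $a; $a = $a->next()) {
    if($a->key() eq "unsetenv" && $a->value() ne "") {
        delete $env{$a->value()};
    } elsif($a->key() eq "setenv" && $a->value() =~ /^([^=]*?)\s*=\s*(.*)$/) {
        $env{$1} = $2;
    }
}

# Replace the Environment node with the rebuilt variable list.
$meta->del($e);
$e = $meta->add_node("Environment");

my $items = 0;

while(my ($key, $val) = each(%env)) {
    $e->arg("arg-$items", "$key=$val");
    $items++;
}

$e->arg_int("items", "$items");

return(1);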

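The script above adds the submitUser variable to the elevated session's environment variables. Remember to apply the script to the desired rule. If the script is given a clearenv or keepenv argument, also pass submitUser as a keepenv value; otherwise the script removes it together with the other variables.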
Note: According to Engineering, it is applied when using usrun, but not directly to SSH connections.
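
The following is an added example, not part of the original TID or of NetIQ's sample scripts. It models the environment merge on plain Perl data so it can be run outside PAM, and shows three things: what happens when submitUser is assigned before versus after the submitted entries are read, why entries must be split on the first '=', and how clearenv and keepenv affect the variable. The merge_env function, its argument layout and the sample values are assumptions made for illustration; the $meta and $args objects are not used.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for the PAM script: plain lists replace $meta/$args.
# $order is 'before' or 'after': when submitUser is assigned relative to the
# loop that reads the submitted KEY=VALUE entries.
sub merge_env {
    my ($submit_user, $submitted, $rule, $order) = @_;
    my %env;
    $env{submitUser} = $submit_user if $order eq 'before';
    for my $entry (@$submitted) {
        # Split on the first '=' so values containing '=' stay intact.
        $env{$1} = $2 if $entry =~ /^([^=]+)=(.*)$/;
    }
    $env{submitUser} = $submit_user if $order eq 'after';

    # clearenv or any keepenv entry: keep only the variables named by keepenv.
    my %keep = map { $_ => 1 } @{ $rule->{keepenv} || [] };
    if (%keep || $rule->{clearenv}) {
        delete @env{ grep { !$keep{$_} } keys %env };
    }
    delete @env{ @{ $rule->{unsetenv} || [] } };
    for my $set (@{ $rule->{setenv} || [] }) {
        $env{$1} = $2 if $set =~ /^([^=\s]+)\s*=\s*(.*)$/;
    }
    return \%env;
}

# Constructed sample input: submitUser is already set in the caller's
# environment, and one value contains '=' characters.
my @submitted = ('PATH=/usr/bin:/bin', 'submitUser=root',
                 'LS_COLORS=rs=0:di=01;34');

my $before = merge_env('alice', \@submitted, {}, 'before');
my $after  = merge_env('alice', \@submitted, {}, 'after');
my $clear  = merge_env('alice', \@submitted, { clearenv => 1 }, 'after');
my $kept   = merge_env('alice', \@submitted,
                       { clearenv => 1, keepenv => ['submitUser'] }, 'after');

printf "set before read : submitUser=%s\n", $before->{submitUser};
printf "set after read  : submitUser=%s\n", $after->{submitUser};
printf "LS_COLORS value : %s\n", $after->{LS_COLORS};
printf "clearenv only   : %s\n", exists $clear->{submitUser} ? 'present' : 'removed';
printf "clearenv + keep : %s\n", exists $kept->{submitUser}  ? 'present' : 'removed';
```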