pbrun | EPM-UL
pbrun requests that a secure task be run in a controlled environment. The user prefixes the command line with pbrun.
Example
pbrun backup /usr/dev/datpbrun checks the settings file for a submitmasters entry or the netgroup @pbsubmitmastersto determine the policy server daemon to which it should send the request. If the policy server daemon accepts the request, then it directs a local daemon to start the task request on the run host.
Syntax
- Version 3.5 and earlier: long command options not supported.
- Version 4.0 and later: long command options supported.
pbrun [options] command [command_arguments]
-b, --background
-d, --debug=connect
-d, --debug=log=<level>
-d, --debug=mlog=<level>
-d, --debug=glog=<level>
-d, --debug=llog=<level>
-d, --debug=time
-d, --debug=ttime
--disable_optimized_mode
-h, --host=run_host
-l, --local_mode
-n, --null_input
-p, --pipe_mode
--solarisproject projectname
-u, --user=request_user
--testmaster=master_host
-X
pbrun –v | --version
pbrun --helpArguments
| -b, --background | Optional. The target job is directed to ignore hang up signals. This option is particularly useful for running the target program in the background. |
| -d connect, --debug=connect | Optional. Displays policy server connection information for debugging. |
| -d log=level, --debug=log=level | Optional. Generate debug trace logs for pbrun and all active EPM-UL components that process the command. Specify a level number from 1 (least detail) to 9 (most detail). The resulting logs reside in the same location as the corresponding diagnostics log. Version 8.0 and later: setting available. |
| -d glog=level, --debug=glog=level | Optional and only available when running as root. Generate debug trace log for pblogd that processes the command. This setting is made permanent for that log host. Specify a level number from 1 (least detail) to 9 (most detail). The resulting logs reside in the same location as the pblogd diagnostic log file. Version 8.0 and later: setting available. |
| -d mlog=level, --debug=mlog=level | Optional and only available when running as root. Generate debug trace log for pbmasterd that processes the command. This setting is made permanent for that policy server host. Specify a level number from 1 (least detail) to 9 (most detail). The resulting logs reside in the same location as the pbmasterd diagnostic log file. Version 8.0 and later: setting available. |
| -d time, --debug=time | Optional. Displays pbrun timing information for debugging. This option is intended primarily for BeyondTrust Technical Support. |
| -d ttime, --debug=ttime | Optional. Display pbrun total run time for debugging. |
| --disable_optimized_runmode | Disable pbrun optimization and use pblocald even when submit host and run host are the same. This affects only the local submit host. Version 5.0 and later: option available. --disable_optimized_runmode switch is not available in SaaS (EPM-L) |
| -h, --host=run_host | Optional. Requests run_host as the run host for the secured task. Ignored if -l is also specified, or if the runlocalmode policy variable is set to true. -h option is not available in SaaS (EPM-L) |
| -l, --local_mode | Optional. Requests that the secured task run locally. Once the policy server host’s policy accepts the request and logs its start, the target program replaces the pbrun on the local machine. This option provides increased efficiency and reduced network traffic, but job termination status and timeout processing. This mode can be disabled in the configuration file by setting allowlocalmode to false. This mode can also be overridden in the policy by setting runlocalmode to 0. |
| -n, --null_input | Optional. Redirects the standard input of pbrun to /dev/null. You sometimes need this option to avoid interactions between pbrun and the shell that invokes it. For example, if you are running pbrun and start pbrun in the background without redirecting its input away from the terminal, it blocks even if no reads are posted by the remote command. These options prevent this situation. |
| -p, --pipe_mode | Optional. Puts pbrun into pipe mode. Forces the secured task to behave as if it is run in a pipeline rather than a terminal session. |
| --solarisproject projectname | Optional. Associates the Solaris project projectname with the secured task. Requires Solaris version 9 or later on the runhost. Version 6.1 and later: option available. |
| --testmaster=master_host | Optional and only available when running as root. Requests master_host as the policy server host to test whether a command will be accepted or rejected. The command itself is not executed. Specify either the hostname or the IP address for the master_host. Version 8.0 and later: option available. |
| -u, --user=request_user | Optional. Sets the variable requestuser to request_user. The policy can then decide to honor the request and set runuser and/or runeffectiveuser equal to request_user. |
| .-v, --version | Optional. Displays the program version and exits. |
| --help | Optional. Displays the program help message and exits. |
| -X | Optional. Activates X11 forwarding. When running pbrun with the -X option, the DISPLAY environment variable needs to be set, and a valid XAuthority token needs to exist in the users .Xauthority file. This can be checked using: xauth list $DISPLAY |
Files
/etc/pb.settings (Local EPM-UL submithost settings.)
Example
pbrun –h runhost uname -aFor more information, see pbcheck, pblocald, pblog, pbmasterd, pbpasswd, pbreplay, pbsum, pb.settings file, Debug Trace Logging, xwinforward, xwinreconnect
Updated 1 day ago
