Creating a user in CA PIM with custom home directory permissions

Article ID: 208388

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

When a user is created through selang with the following commands:

env nat

nu ("test") pgroup("users") homedir("/home/test") shellprog("/bin/bash")

the permissions on /home/test are set to drwxr-xr-x.

If the user is instead created with the Linux adduser command, the home directory permissions are set to drwx------.

This article describes how to change this behavior automatically, so that users are created with the required home directory permissions.

Environment

PAM SC 14.X, PIM 14.X, PIM 12.8.X and 12.9.X

Resolution

This can be achieved with a POST exit script for the user command, placed in the corresponding selang user exit directory on the endpoint.

In particular, the following script sets the home directory of the newly created user to drwx------:

 

# cd /opt/CA/PAMSC/exits/USER_POST

# vi S99CREATE_u_chmodhomedir.sh

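#!/bin/sh

# Store the value of a DIR=<path> argument in _DIR
Set_Dir()
{
    case $1 in
      DIR=*)
        _DIR=`echo "$1" | cut -c5-`            #L10N
      ;;
    esac
}

_DIR=""

# Scan the arguments passed to the exit for DIR=<path>
for parm in "$@"; do
    Set_Dir "$parm"
done

# Do nothing if no DIR= argument was passed
[ -n "$_DIR" ] || exit 0

# 700 = drwx------ (owner-only access to the home directory)
chmod 700 "$_DIR"

exit 0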

==================End of the script=============
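
A stricter variant of the same exit, as an added example that is not Broadcom's script: since the exit changes the mode of whatever path arrives in DIR=, it checks that the path is absolute, is a real directory and is not a symbolic link before calling chmod. The function names are hypothetical, and the DIR=<path> argument format is taken from the script above.

```shell
#!/bin/sh
# Added example: validate the DIR= argument before changing the mode.
# Function names are hypothetical; DIR=<path> is the format used by the
# script in this article.

# Print the value of the last DIR=<path> argument; return 1 if there is none.
get_dir() {
    _dir=""
    for arg in "$@"; do
        case $arg in
            DIR=*) _dir=${arg#DIR=} ;;
        esac
    done
    [ -n "$_dir" ] || return 1
    printf '%s\n' "$_dir"
}

# Return 0 only for an absolute path to an existing directory that is not
# a symbolic link, is not the root directory, and has no "." or ".." parts.
safe_home() {
    case $1 in
        /|//*) return 1 ;;                       # root, or leading "//"
        */./*|*/.|*/../*|*/..) return 1 ;;       # "." or ".." components
        /*) ;;                                   # absolute path: continue
        *) return 1 ;;                           # relative path
    esac
    [ ! -L "$1" ] && [ -d "$1" ]
}

# Set the directory named by DIR= to drwx------, or fail without changes.
restrict_home() {
    dir=$(get_dir "$@") || return 1
    safe_home "$dir" || return 1
    chmod 700 "$dir"
}

# As the body of the exit script, call:
#   restrict_home "$@"
#   exit 0
```

A rejected path leaves the directory untouched, so the exit can log the failure instead of silently changing permissions on an unexpected target.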

 

Additional Information

The following link provides more information about selang exit scripts:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-identity-manager/14-0/administrating/endpoint-administration-for-unix/unix-exits/user-or-group-record-update-exits/specify-selang-exit-programs-to-run.html