
lang

In the [lang] section, the tokens specify the attributes used by the selang command language programs: selang, Security Administrator, and seadm.

check_password

Determines whether selang prompts users to enter their own passwords. Valid values include:

no - selang does not require any passwords.

yes - Users are prompted to enter their passwords.

Default: no

exit_timeout

Specifies the maximum time, in seconds, that CA ControlMinder allows the exit program to execute. After this time has passed, CA ControlMinder kills the exit program.

Default: 30

exits_dir

Specifies the target directory where exits are installed by the ACInstallDir/lbin/install_exits.sh shell script.

Default: ACInstallDir/exits

exits_source_dir

Specifies the source directory of the exits to be installed by the ACInstallDir/install_exits.sh shell script.

Default: ACInstallDir/samples/exits-src

help_path

Specifies the directory in which lang help files are located.

Default: ACInstallDir/data/langhelp

language

Defines the language CA ControlMinder installs in (for internal use).

Default: english

max_groups_buffsize

Specifies the buffer size, in KB, that the security administrator uses when communicating with the database. This token is used when a UNIX update needs to be applied.

Default: 128

no_check_password_users

Specifies users who are not asked to enter their passwords.

This token is relevant only if the token check_password is set to yes.

Valid values include a list of users separated by commas.

Default: none

passwd_copy

Specifies how the machine password file (/etc/passwd) or PMDB password file (/PMDB_Directory/policies/pmdb/passwd) is updated when you copy the temporary file back to the original after changing user information.

Valid values include:

fast_copy - Copies information over the file.

rename - Changes the directory to point to the new file.

Default: fast_copy

post_group_exit

Specifies the path of the exit program to be called after a group command is executed in the UNIX environment.

Default: ACInstallDir/exits/lang_exit.sh

post_user_exit

Specifies the path of the exit program to be called after a user command is executed in the UNIX environment.

Default: ACInstallDir/exits/lang_exit.sh

pre_group_exit

Specifies the path of the exit program to be called before a group command is executed in the UNIX environment.

Default: ACInstallDir/exits/lang_exit.sh

pre_user_exit

Specifies the path of the exit program to be called before a user command is executed in the UNIX environment.

Default: ACInstallDir/exits/lang_exit.sh

query_size

Specifies the maximum number of records to be listed in a database query.

Default: 100

RecvTimeOut

Specifies the maximum time, in seconds, that selang will wait to receive information before timing out.

If you set the value to 0, there will be no time-out.

Default: 60

SendTimeOut

Specifies the maximum time, in seconds, that selang will wait to send information before timing out.

If you set the value to 0, there will be no time-out.

Default: 60

SetBlockRun

Specifies whether to check if a program is trusted and block the execution of untrusted programs. Execution is blocked regardless of whether the program is a setuid program or a regular program.

Valid values include the following:

yes - All programs defined with viapgm authorization rules have the blockrun property set to yes.

no - All programs defined with viapgm authorization rules have the blockrun property set to no.

suid - All setuid programs have the blockrun property set to yes, and all other programs have the blockrun property set to no.

Default: yes

swap_deletion_order

Defines the order in which the "ru userName unix" command (user deletion) is executed in selang. Normally, this command is first executed in the AC environment, and then in the UNIX environment. In some cases (for example, a group administrator deleting a user), you may want to reverse this order.

Valid values are:

no - Removes the user from the AC environment before the UNIX environment.

yes - Removes the user from the UNIX environment before the AC environment.

Default: no

timeout

Specifies the maximum time, in seconds, that the client waits for the seosd daemon to respond. If seosd does not respond within this period, an error message is sent noting that seosd is not responding. The client then stops trying to connect to seosd.

Default: 90

use_old_commands

Specifies whether the old ACF2™ compatibility commands (ag, lg, rg, lu, au, and so on) are supported.

Limits: 0—do not support old commands, 1—support old commands

Default: 1 (support old commands)

use_unix_file_owner

Specifies whether a UNIX owner of a file can define the file to CA ControlMinder. If the value is yes, an owner of a file in UNIX can define it to CA ControlMinder, using the newres or newfile command.

If the file is already defined to CA ControlMinder, the user cannot change its parameters in the database unless the user is allowed to do so according to the normal CA ControlMinder authorization rules.

Valid values are yes and no.

Default: no
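
The following is an added example, not part of the CA ControlMinder documentation or product: a small review script that fills in the defaults documented above for the access-related [lang] tokens and lists the effective settings an administrator may want to look at. It assumes the tokens are stored as ini-style `token = value` lines under a `[lang]` header and that token names can be matched case-insensitively; the function names, the review policy and the sample input are constructed for illustration.

```python
import configparser

# Defaults documented on this page (token names lower-cased for lookup).
DEFAULTS = {
    "check_password": "no", "no_check_password_users": "none",
    "setblockrun": "yes", "use_unix_file_owner": "no",
    "recvtimeout": "60", "sendtimeout": "60",
}

def effective_lang(ini_text):
    """Return the [lang] tokens with the documented defaults filled in."""
    cp = configparser.ConfigParser(interpolation=None)  # lower-cases token names
    cp.read_string(ini_text)
    merged = dict(DEFAULTS)
    if cp.has_section("lang"):
        merged.update({k: v.strip() for k, v in cp.items("lang")})
    return merged

def review_lang(ini_text):
    """List (token, note) pairs to review; the policy is this example's assumption."""
    s = effective_lang(ini_text)
    notes = []
    if s["check_password"].lower() != "yes":
        notes.append(("check_password", "selang does not prompt users for passwords"))
    else:
        exempt = [u.strip() for u in s["no_check_password_users"].split(",") if u.strip()]
        if exempt and exempt != ["none"]:
            notes.append(("no_check_password_users", "exempt from prompt: " + ", ".join(exempt)))
    if s["setblockrun"].lower() != "yes":
        notes.append(("SetBlockRun", "blockrun not set for all viapgm programs: " + s["setblockrun"]))
    if s["use_unix_file_owner"].lower() == "yes":
        notes.append(("use_unix_file_owner", "UNIX file owners can define files (newres/newfile)"))
    for key, name in (("recvtimeout", "RecvTimeOut"), ("sendtimeout", "SendTimeOut")):
        if s[key] == "0":
            notes.append((name, "0 means selang never times out"))
    return notes

# Constructed sample input, not taken from a real host.
SAMPLE = """
[lang]
check_password = yes
no_check_password_users = root, batchadm
SetBlockRun = suid
RecvTimeOut = 0
"""

if __name__ == "__main__":
    for token, note in review_lang(SAMPLE):
        print(f"{token}: {note}")
```
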