
Unix Listener configuration file

The Unix Listener configuration file is written using Key-Value Group (KVGroup) syntax.

The default /etc/psunix.cfg file contains a KVGroup for each configuration option that you can edit.

In general, account operations (verify, create, list) are built into the Unix Listener. You can add additional KVGroups with a PSLang script; do this, for example, if you are managing application accounts.

In the configuration file, lines that begin with # are comments. These lines and blank lines are ignored.

Configuration options

You can set the following options in the configuration file:

facility By default the logger directs any logging to syslog through the LOG_USER facility. Use this setting to direct the logging to another syslog facility. See Logging for more information.

Example:

facility = "LOG_USER";

level The log level option makes the logger filter out of syslog any message whose level is higher than the specified level. Higher logging levels result in more verbose entries in syslog.

Valid logging levels:

  • nolog=0

  • error=1

  • warning=2

  • notice=3

  • info=4

  • debug=5

See Logging for more information.

Example:

level = "5";

include-dir Describes the location of the psunix.d configuration directory. See The psunix configuration directory for more information.

Example:

include-dir = "/etc/psunix.d";

commkey Defines the private key used for encryption. This key must match the one set during installation on the Bravura Security Fabric server.

Example:

commkey = "<encrypted commkey value>";

passwd-path Defines an alternate path to the password database file where all user information is stored. If it is not specified (default behavior), the location is /etc/passwd.

Example:

passwd-path = "/var/yp/passwd";

shadow-path Defines an alternate path to the shadow database file where all user password information is stored. If it is not specified (default behavior), the location is /etc/shadow.

Example:

shadow-path = "/var/yp/shadow";

group-path Defines an alternate path to the group database file where all group information is stored. If it is not specified (default behavior), the location is /etc/group.

Example:

group-path = "/var/yp/group";

gshadow-path Defines an alternate path to the group shadow database file where all group password information is stored. If it is not specified (default behavior), the location is /etc/gshadow. If this configuration option is not applicable, leave it unconfigured.

Example:

gshadow-path = "/var/yp/gshadow";

restricted-user-list Restricts the listed users from psunix and Bravura Security Fabric operations (except the list operation). The accounts are given as a colon-separated list.

Example:

restricted-user-list = "root:psadmin:joesomebody";

pslang-override-path Specifies a script file that allows users to script PSLang code that either overrides the built-in psunix operation, or adds pre/post operations that augment the built-in operations.

Example:

pslang-override-path = "/usr/local/psunix/<instance>/pslang-override.psl";

archive-homedir-path Specifies the directory in which to place the archived home directories when users are removed from the system. This value must point to an existing directory. If it is not specified (default behavior), or points to an invalid directory, the user's home directory will not be removed or archived when the user is deleted.

Example:

archive-homedir-path = "/homedir_archive/";

tcb-retire Specifies whether users should be retired when Bravura Security Fabric performs a delete request. This configuration option only applies to systems that have Trusted Computing Base (TCB) installed. C2 Security compliance requires that userids are never removed or reused, so the default behavior for 'Trusted' systems is to retire users. This can be overridden by setting this configuration option to false.

Example:

tcb-retire = "true";
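The following is an added example, not code from the Unix Listener or from Bravura Security: a small parser for the line syntax shown in this page (key = "value"; lines, # comments and blank lines ignored) together with a checker that validates the options documented above before the file is deployed. It assumes that every non-comment line has exactly that shape (the page does not describe any other KVGroup syntax), it draws the facility names from syslog(3) because the page names only LOG_USER, and the "root must be restricted" check is a site policy chosen for the example, not a documented requirement. The sample configuration is constructed and contains deliberate mistakes.

```python
import os
import re
from typing import Dict, List

# Assumption (not stated in the documentation beyond its examples): every non-comment
# line has the form  key = "value";  with optional whitespace before the semicolon.
LINE_RE = re.compile(r'^([A-Za-z][A-Za-z0-9_-]*)\s*=\s*"([^"]*)"\s*;$')

# Log levels exactly as documented (nolog=0 ... debug=5).
LOG_LEVELS = {"nolog": 0, "error": 1, "warning": 2, "notice": 3, "info": 4, "debug": 5}

# Facility names from syslog(3); the documentation itself names only LOG_USER (the default).
SYSLOG_FACILITIES = {
    "LOG_AUTH", "LOG_AUTHPRIV", "LOG_CRON", "LOG_DAEMON", "LOG_KERN", "LOG_LPR",
    "LOG_MAIL", "LOG_NEWS", "LOG_SYSLOG", "LOG_USER", "LOG_UUCP",
} | {f"LOG_LOCAL{i}" for i in range(8)}

# Documented options whose value is a filesystem path.
PATH_OPTIONS = {
    "include-dir", "passwd-path", "shadow-path", "group-path", "gshadow-path",
    "pslang-override-path", "archive-homedir-path",
}
KNOWN_OPTIONS = PATH_OPTIONS | {"facility", "level", "commkey", "restricted-user-list", "tcb-retire"}


def parse_psunix_cfg(text: str) -> Dict[str, str]:
    """Return {option: value}; '#' lines and blank lines are ignored, as documented."""
    options: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            raise ValueError(f'line {lineno}: not a key = "value"; line: {raw!r}')
        key, value = match.group(1), match.group(2)
        if key in options:
            raise ValueError(f"line {lineno}: option {key!r} set more than once")
        options[key] = value
    return options


def restricted_users(options: Dict[str, str]) -> List[str]:
    """Split the colon-separated restricted-user-list into account names."""
    return [u for u in options.get("restricted-user-list", "").split(":") if u]


def check_psunix_cfg(options: Dict[str, str], check_paths: bool = False) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    findings: List[str] = []
    for key in options:
        if key not in KNOWN_OPTIONS:
            findings.append(f"unknown option {key!r} (misspelled? e.g. 'group' for 'group-path')")
    facility = options.get("facility")
    if facility is not None and facility not in SYSLOG_FACILITIES:
        findings.append(f"facility {facility!r} is not a syslog facility name")
    level = options.get("level")
    if level is not None:
        if not level.isdigit() or int(level) not in LOG_LEVELS.values():
            findings.append(f"level must be 0..5 (nolog..debug), got {level!r}")
        elif int(level) == LOG_LEVELS["nolog"]:
            findings.append("level 0 (nolog) sends nothing to syslog; listener activity will be invisible")
    for key in sorted(PATH_OPTIONS & options.keys()):
        if not options[key].startswith("/"):
            findings.append(f"{key} should be an absolute path, got {options[key]!r}")
        elif check_paths and key == "archive-homedir-path" and not os.path.isdir(options[key]):
            findings.append("archive-homedir-path does not exist: home directories will not be archived on delete")
    if "commkey" in options and not options["commkey"].strip():
        findings.append("commkey is empty; it must match the key set on the Bravura Security Fabric server")
    # Site policy check (an assumption of this example, not a documented rule): keep root restricted.
    if "root" not in restricted_users(options):
        findings.append("root is not in restricted-user-list")
    tcb = options.get("tcb-retire")
    if tcb is not None and tcb not in ("true", "false"):
        findings.append(f'tcb-retire must be "true" or "false", got {tcb!r}')
    return findings


# Constructed sample with four deliberate mistakes for the checker to find.
SAMPLE_CFG = """\
# constructed sample psunix.cfg (not a real deployment)
facility = "LOG_AUTHPRIV";
level = "9";
include-dir = "/etc/psunix.d";
commkey = "<encrypted commkey value>";
group = "/var/yp/group";
restricted-user-list = "psadmin:joesomebody" ;
archive-homedir-path = "homedir_archive/";
tcb-retire = "true" ;
"""

if __name__ == "__main__":
    for finding in check_psunix_cfg(parse_psunix_cfg(SAMPLE_CFG)):
        print("-", finding)
```

Run against the constructed sample, the checker reports the unknown key group (the page's example uses group-path), the out-of-range level, the relative archive-homedir-path, and the missing root entry in restricted-user-list. Pass check_paths=True on the target host to also confirm that archive-homedir-path exists, since the page states that an invalid directory silently disables archiving.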