Creating a role to run commands in a restricted shell

For Linux and UNIX computers, Centrify provides a customized Bourne shell, dzsh, to serve as a restricted shell environment. The dzsh restricted shell supports environment variables, job control, command history, and the command access rights you define.

To create a role that runs a restricted shell, do the following:

  • Create command rights for the restricted shell commands users are allowed to run.
  • Create a new role definition and set the System Rights for the role to allow password login, non‑password login, or both, and verify that the Login with Non-Restricted Shell option is not selected, then click OK to save the role definition.
  • Right-click the role, select Add Right, then select login-all or a specific PAM access right and the restricted shell command rights users are allowed to run, then click OK to save the changes to the role definition.

For more information about creating, assigning, and testing custom role definitions, see Customizing command execution attributes.