Defining command rights and a new role for Apache administrators

You are now ready to create the privileged commands and role definition for the Apache administrators much as you did for the UNIX administrators. However, in this scenario, you will add the following new commands:

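| Command name         | Command            | Purpose                                                   |
|----------------------|--------------------|-----------------------------------------------------------|
| web_edit_http_config | vi /etc/httpd/conf | Edit the httpd daemon configuration file                  |
| web_apachectl        | apachectl *:       | Front end command for managing the httpd daemon           |
| web_httpasswd        | htpasswd *         | Create and update HTTP server user name and password file |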

These commands will be added to a new role definition, ApacheAdminRights. As an alternative to creating the commands and role manually using Access Manager, as you did in the previous section, the following steps illustrate how you can use an ADEdit script.

ADEdit is a command-line scripting environment included with the Centrify UNIX agent. You can use ADEdit commands and scripts to modify Active Directory objects interactively, directly from a terminal on a UNIX or Linux computer. The sample script ApacheAdminRole illustrates how you can use an ADEdit script to create UNIX rights and an Apache administrator role. This sample script is located in the /usr/share/centrifydc/samples/adedit directory on the UNIX or Linux computer where you have installed the Centrify agent.

To create the ApacheAdmin commands and the ApacheAdminRights role

  1. Log on to the Linux or UNIX computer using the Active Directory logon name and password you created for the UNIX administrator.
  2. Open a terminal on the Linux or UNIX computer.
  3. Change the directory to /usr/share/centrifydc/samples/adedit.
  4. Run the ApacheAdminRole script.

    ./ApacheAdminRole

    If you see the error /bin/env: bad interpreter: No such file or directory, try changing the first line in the script to #!/usr/bin/env adedit.

  5. Follow the prompts displayed to provide the following information for connecting to Active Directory:

    • Domain name.
    • The Active Directory account name that has administrator privileges in the organizational unit you’re using for the Centrify zones.
    • The password for the Active Directory account.
  6. Select the zone from the list of zones in your domain.

    For example, enter 2 to create the commands and role in the Nevada child zone or 3 to create the commands and role in the Delaware zone. The script then creates the commands and the role in the selected zone.
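The interpreter-line fix from step 4 can be scripted. The following is an added shell example, not part of the Centrify sample or its documentation. The function name, its return codes and the .orig backup suffix are choices made for this example, and it assumes you have write access to the script's directory.

```shell
#!/bin/sh
# Added example, not Centrify code. Return codes are this example's own:
#   0 = interpreter line rewritten, 1 = left alone, 2 = cannot fix.
fix_adedit_shebang() {
    script=$1
    [ -f "$script" ] || { echo "no such file: $script" >&2; return 2; }

    # Read only the first line; IFS= and -r keep it verbatim.
    first=
    IFS= read -r first < "$script" || [ -n "$first" ] || return 2
    case $first in
        '#!'*) ;;
        *) echo "$script: first line is not an interpreter line" >&2
           return 2 ;;
    esac

    # Split "#!<path>/env adedit" into the interpreter path and its argument.
    rest=${first#'#!'}
    rest=${rest#"${rest%%[! ]*}"}      # drop blanks after "#!"
    interp=${rest%% *}
    arg=${rest#"$interp"}
    arg=${arg#"${arg%%[! ]*}"}         # drop blanks before the argument

    # Only handle lines that start adedit through env.
    [ "${interp##*/}" = env ] && [ "$arg" = adedit ] || return 1
    # The interpreter resolves, so "bad interpreter" is not the problem.
    [ -x "$interp" ] && return 1
    # The replacement path has to exist on this host.
    [ -x /usr/bin/env ] || { echo "/usr/bin/env not found" >&2; return 2; }

    # Keep the shipped sample as <script>.orig, then rewrite in place so the
    # file keeps its owner and mode.
    cp -p "$script" "$script.orig" || return 2
    { printf '%s\n' '#!/usr/bin/env adedit'
      tail -n +2 "$script.orig"; } > "$script" || return 2
    return 0
}

# Usage (directory from step 3 of the procedure):
#   fix_adedit_shebang /usr/share/centrifydc/samples/adedit/ApacheAdminRole
```

The function changes the file only when the first line starts adedit through an env path that does not exist on the host, so a working script is never rewritten.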