Verifying administrative privileges

You now have two role assignments—Login Users and EnterpriseUnixAdmins—in the zone. Any Active Directory user you add to the Login Users group and provision a UNIX profile for will have access rights but no administrative privileges on the computers in the zone. Any Active Directory users you add to the EnterpriseUnixAdmins group and provision a UNIX profile for will be able to run any command with root-level permissions using their Active Directory credentials.

The Active Directory user you added to the EnterpriseUnixAdmins group can now log on and run privileged commands on the UNIX or Linux computers you are using for evaluation.

To verify the user can run privileged commands using Active Directory credentials

  1. Log on to the Linux or UNIX computer using the Active Directory logon name and password you created for the UNIX administrator.
  2. Open a terminal on the Linux or UNIX computer.
  3. Run a command that requires root-level privileges.

    For example, run the dzinfo command to view the rights and roles for the UNIX Login user you created in Adding and provisioning an evaluation user and group.

    dzinfo user_name

    Because you are logged on as the Active Directory user and not invoking the command using your role assignment, the command displays an error message indicating that you are not allowed to view authorization information for another user.

  4. Re-run the command using your role assignment by typing dzdo before the command.

    dzdo dzinfo user_name

    The command runs successfully and returns information about the evaluation user similar to this partial output.

    User: lois.lane
    Forced into restricted environment: No

    Role Name               Avail  Restricted Env
    ---------------         -----  --------------
    UNIXLogin/Headquarters  Yes    None

    Effective rights: Password login
                      Non password login
                      Allow normal shell

    Audit level:
        AuditIfPossible
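The check in step 4 can be scripted when you want to confirm the same role assignment for several users. The following is an added example, not part of the original guide or the product's own tooling: shell functions that read `dzdo dzinfo user_name` output on standard input and test it for the role, rights, and audit level shown above. The function names and the exact column spacing of the sample are assumptions; only the `dzdo dzinfo user_name` command and the output values come from this page.

```shell
# Added example: sanity-check captured `dzdo dzinfo user_name` output.
# SAMPLE is constructed from the partial output shown on this page.
SAMPLE='User: lois.lane
Forced into restricted environment: No

Role Name               Avail  Restricted Env
---------------         -----  --------------
UNIXLogin/Headquarters  Yes    None

Effective rights: Password login
                  Non password login
                  Allow normal shell

Audit level:
    AuditIfPossible'

# role_available ROLE: succeeds only if ROLE is listed with Avail = Yes.
# Assumes role names contain no spaces, as in the sample.
role_available() {
    awk -v role="$1" '$1 == role && $2 == "Yes" { ok = 1 } END { exit !ok }'
}

# forced_restricted: prints the Yes/No value of the restricted-environment line.
forced_restricted() {
    awk -F': *' '/Forced into restricted environment:/ { print $2; exit }'
}

# has_right RIGHT: succeeds if RIGHT is in the "Effective rights" list,
# which runs from its header to the next blank line.
has_right() {
    awk -v want="$1" '
        /Effective rights:/ { on = 1; first = 1; sub(/.*Effective rights:[ \t]*/, "") }
        on {
            if (!first && $0 ~ /^[ \t]*$/) on = 0
            gsub(/^[ \t]+|[ \t]+$/, "")
            if (on && $0 == want) ok = 1
            first = 0
        }
        END { exit !ok }'
}

# audit_level: prints the value that follows "Audit level:".
audit_level() {
    awk '/Audit level:/ { seen = 1; sub(/.*Audit level:[ \t]*/, "") }
         seen && NF { print $1; exit }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE" | role_available UNIXLogin/Headquarters && echo "role available"
```

On an evaluation computer, replace the sample with live output, for example `dzdo dzinfo user_name | role_available UNIXLogin/Headquarters`.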