Require runas user for dzdo

Specify whether a user must explicitly identify the ‘runas’ user when executing a command with dzdo.

If you set this group policy to Not configured or Enabled, and a user executes a command with dzdo and does not explicitly identify the user or group to run as with the -u or -g option, adclient assumes that the command should be run as root. If the user is not authorized to run the command as root, dzdo fails to execute the command and issues an error message.

If you set this group policy to Disabled and a user executes a command with dzdo that does not explicitly identify the user or group to run as, adclient attempts to resolve the user. If the command defines a single runas user, dzdo executes the specified command and sends a message to the log file.

If the command defines multiple runas users, dzdo cannot resolve the user to run as and attempts to run the command as root. Because the user is not authorized to run the command as root, dzdo fails to execute the command and issues an error message.

In all cases, a user can execute a command successfully with dzdo by using the -u option to explicitly identify the runas user. For example:

[u1@rh6]$dzdo -u qa1 adinfo

This group policy modifies the dzdo.set.runas.explicit setting in the agent configuration file.