Set secure paths for command execution in dzdo

Specify the path for the dzdo program to use when executing commands and scripts that require privileges to run.

If you set this group policy to Not Configured or Disabled, no specific path is set (that is, there is no default value). If you set this group policy to Enabled, you can specify the directory that dzdo uses. The dzdo program will execute only the commands and scripts that are located in the directory that you specify.

The path that you specify can be a list of directories or the name of a file that contains the list of directories. For example, you can specify a file that contains the directories to search using the file: keyword and a file location:

file:/etc/centrifydc/customized_dzdo_directories

Within the file, lines should contain paths separated by colons. For example, a file specifying two paths might look this this:

/etc/centrifydc/reports/exec_report_cmds:/usr/sbin/ora_cmds

If you specify a file name, you should ensure the file is owned by root and not accessible to any other users.

Setting this group policy and the Set paths for command searching in dzdo group policy to the same path is equivalent to setting the secure_path parameter in the sudoers configuration file.

This group policy modifies the dzdo.secure_path setting in the agent configuration file.