To implement group policies for UNIX computers and users, you need to create the custom scripts or programs that modify the appropriate UNIX configuration files or settings. You can create the programs or scripts using the programming or scripting language of your choice. Most of the Centrify policies use Perl scripts and you can use those scripts for models if you choose to use Perl.
Once you create a program or script to implement a group policy, you need to:
- Place the program or script in the
/usr/share/centrifydc/mappers/machinedirectory if it is a computer configuration group policy, or in the
/usr/share/centrifydc/mappers/user/user_namedirectory if it is a user configuration group policy.
- Make the program or script an executable file.
- Use the
runmapperscommand to test that the program or script works as expected and updates the appropriate configuration file.
By default, when you use the
runmappers command, it executes all of the programs in both the
/usr/share/centrifydc/mappers/machine and the
/usr/share/centrifydc/mappers/user/user_name directories. Optionally, you can run the command to only execute your custom program. For example, if you have created an executable script called
setport.pl as a UNIX computer configuration policy and placed the file in the
/usr/share/centrifydc/mappers/machine directory, you could use a command similar to the following to execute the script along with the other computer configuration mapper programs and test its behavior:
runmappers machine map
Note: To run the mapping programs for a user, you must specify the user’s UNIX login name to identify which user’s group policies should be mapped or unmapped. For example, to run the mapping programs for the UNIX user account
jgarcia in the
/usr/share/centrifydc/mappers/user/jgarcia directory, you could use a command similar to the following:
runmappers user jgarcia map