Define a command that allows root access

The steps for defining a right for switching to the root user are similar to defining the right to run commands for the root-equivalent user, but Centrify recommends you create a separate right definition for this case.

To create the right to switch to the root user:

  1. Open Access Manager.
  2. Expand Zones, then expand the parent or child zones as needed to select the zone where you want to create the new command right.
  3. Expand Authorization > UNIX Right Definitions.
  4. Select Commands, right-click, then click New Command.
  5. On the General tab, type a name for this command right, such as emergency_access, and optionally a description, then define the right to switch to the root user:

    • Type the command for switching to the root user. For example, type "su - root" in the Command field.
    • Verify that "Standard user path" is selected.
  6. Click the Restricted Shell tab and verify that "Can be used in a restricted role" and "User running the command" are selected.

    These options enable you to use this command right in combination with other rights in a role definition that requires a restricted shell environment.

  7. Click the Run As tab and verify that "Can be used by dzdo" and "Any user" are selected, then click OK.

    In most cases, you can leave the default settings for the other properties. If you want to make changes, click the Environment and Attributes tabs before saving the new command.