add_command_to_role
Use the add_command_to_role
command to add a privileged UNIX command to the currently selected role that is stored in memory. The command must already exist. You can create privileged UNIX commands using new_dz_command
.
The add_command_to_role
command does not change the role as it is stored Active Directory. Running the command changes the role only in memory. You must save the role before the added command takes effect in Active Directory. If you select another role or quit ADEdit before saving the role, any commands you’ve added since the last save won’t take effect.
Zone type
Classic and hierarchical
Syntax
add_command_to_role command[/zonename]
Abbreviation
acr
Options
This command takes no options.
Arguments
This command takes the following argument:
Argument | Type | Description |
command[/zonename] |
string |
Required. Specifies the name of an existing UNIX command to add to the currently selected role. If the UNIX command right that you want to add is defined in the current zone, the zonename argument is optional. If the UNIX command right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific UNIX command right to add. |
Return value
This command returns nothing if it runs successfully.
Examples
add_command_to_role basicshell/global
This example adds the command basicshell
, defined in the global
zone, to the currently selected role.
Related commands
Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select a role to work with:
- get_role_commands returns a Tcl list of the UNIX commands for the role.
- new_role creates a new role.
- select_role retrieves a role from Active Directory.
The following commands enable you to work with a currently selected role:
- add_pamapp_to_role adds a PAM application to the role.
- delete_role deletes the selected role from Active Directory and from memory.
- get_role_apps returns a Tcl list of the PAM applications for the role.
- get_role_field reads a field value from the role.
- list_role_rights lists of all privileged commands and PAM application rights for the role.
- remove_command_from_role removes a UNIX command from the role.
- remove_pamapp_from_role removes a PAM application from the role.
- save_role saves the selected role with its current settings to Active Directory.
- set_role_field sets a field value in the role.