The get_dzc_field command does not query Active Directory for the command. If you change field values using ADEdit without saving the command to Active Directory, the field value you retrieve using get_dzc_field won’t match the same field value for the command stored in Active Directory.
You can only use the get_dzc_field command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Classic and hierarchical
This command takes no options.
This command takes the following arguments:
Required. Specifies the case-sensitive name of the field whose value to retrieve. The possible values are:
Getting the cmd and path field values
If you specify the cmd or path fields, the return value can be a string that uses wild cards (*, ?, and !), or a regular expression. If the cmd or path strings use wild cards, an asterisk (*) matches zero or more characters, a question mark (?) matches exactly one character, and the exclamation mark (!) negates matching of the specified string.
For both the cmd and path fields, the form field indicates whether the specified string is interpreted as a regular expression or as a string that includes wild cards.
Getting environment variable field values
If you specify the keep, del, or add field, the return value is a comma-separated list of environment variables. The keep, del, and add fields control the environment variables used by the commands specified by the cmd string. The keep and del settings are mutually exclusive:
- The keep field only takes effect if the flag 16 is included in the setting for the flags field.
- The del field only takes effect if the flag 16 is not included in the setting for the flags field.
Any environment variables kept or deleted are in addition to the default set of the user’s environment variables that are either retained or deleted. The default set of environment variables to keep is defined in the dzdo.env_keep configuration parameter in the centrifydc.conf file. The default set of environment variables to delete is defined in the dzdo.env_delete configuration parameter in the centrifydc.conf file. The
add field returns the environment variables added to the final set of environment variables resulting from the
Getting the command priority field value
If you specify the pri field, the return value indicates the command priority when there are multiple matches for command strings in a command object. If there are multiple commands specified by this command object, the pri field specifies their relative priority. The higher the value returned by this field, the higher the command’s priority.
Getting the umask field value
If you specify the umask field, the return value is a 3-digit octal value that defines who can read, write, and execute the selected command object. The three digits of the umask field specify the read, write, or execute permission for the file owner, group, and other users. The left digit defines the owner execution rights, the middle digit defines the group execution rights, and the right digit defines execution rights for other users. Each digit is a combination of binary flags, one flag for each right as follows:
- 4 is read
- 2 is write
- 1 is execute
These values are added together to define the rights available for each entity. For example, a umask value of 600 indicates read and write permission (4+2) for the owner, but no permissions for the group or other users. Similarly, a umask value of 740 indicates read, write, execute permissions (4+2+1) for the owner, read permissions for the group, but no permissions for other users.
Getting command properties from the flags field value
If you specify the flags field, the return value is an integer that defines a combination of binary flags, with one flag for each of the following properties:
- 1: Prevents nested command execution. If this flag value is not set, nested command execution is allowed.
- 2: Requires authentication with the user’s password.
- 4: Requires authentication with the run-as user’s password.
- 8: Preserves group membership. If this flag value is not set, group membership is not preserved.
- 16: Resets environment variables for the command, deleting the variables specified in the dzdo.env_delete parameter and keeping the variables specified in the keep field. If this flag is not set, the command removes the unsafe environment variables specified in the dzdo.env_delete parameter along with any additional environment variables specified by the del field.
- 32: Requires multi-factor authentication to execute the command.
- 64: Prevents navigation up the path hierarchy when executing the command.
These values are added together to define the value for the flags field. For example, a flags field value of 11 indicates that nested command execution is not allowed (1), the command requires authentication using the user’s password (2), and the user’s group membership should be preserved (8). The value returned is the sum of these flags (1+2+8).
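The flags values and the keep/del rule described above, as an added example (not Centrify code): Tcl procs with hypothetical names that decode a flags value, report whether keep or del takes effect, and note settings worth review. It assumes the values were already retrieved with get_dzc_field; the sample values at the end are constructed.

```tcl
# Added example, not Centrify code: proc names and labels are hypothetical.
set DZC_FLAGS {
    1  "nested command execution prevented"
    2  "user's password required"
    4  "run-as user's password required"
    8  "group membership preserved"
    16 "environment variables reset"
    32 "multi-factor authentication required"
    64 "navigation up the path hierarchy prevented"
}

# Return the properties encoded in a flags integer.
proc decode_dzc_flags {flags} {
    global DZC_FLAGS
    set props {}
    foreach {bit label} $DZC_FLAGS {
        if {$flags & $bit} { lappend props $label }
    }
    return $props
}

# Return which list applies (keep or del) and its variables: keep only takes
# effect when flag 16 is set, del only when it is not.
proc effective_env_field {flags keep del} {
    if {$flags & 16} { return [list keep [split $keep ,]] }
    return [list del [split $del ,]]
}

# Points worth a reviewer's attention, derived only from the fields above.
proc review_dzc {flags keep del} {
    set notes {}
    if {!($flags & (2 | 4 | 32))} {
        lappend notes "no password or multi-factor authentication required"
    }
    if {!($flags & 1)} { lappend notes "nested command execution allowed" }
    if {($flags & 16) && $del ne ""} {
        lappend notes "del is set but has no effect (flag 16 is set)"
    }
    if {!($flags & 16) && $keep ne ""} {
        lappend notes "keep is set but has no effect (flag 16 is not set)"
    }
    return $notes
}

# Constructed sample values; in ADEdit they would come from get_dzc_field.
puts [decode_dzc_flags 11]
puts [effective_env_field 11 "TERM,LANG" "LD_PRELOAD"]
puts [review_dzc 11 "TERM,LANG" "LD_PRELOAD"]
```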
This command returns a field value, which varies in type depending on the data type stored by the field.
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a UNIX command to work with:
- get_dz_commands returns a Tcl list of UNIX commands in the current zone.
- list_dz_commands lists to stdout the UNIX commands in the current zone.
- new_dz_command creates a new UNIX command and stores it in memory.
- select_dz_command retrieves a UNIX command from Active Directory and stores it in memory.
After you have a UNIX command stored in memory, you can use the following commands to work with that command: