get_dzc_field
Use the get_dzc_field
command to return the value for a specified field from the currently selected command object that is stored in memory.
The get_dzc_field
command does not query Active Directory for the command. If you change field values using ADEdit without saving the command to Active Directory, the field value you retrieve using get_dzc_field
won’t match the same field value for the command stored in Active Directory.
You can only use the get_dzc_field
command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Zone type
Classic and hierarchical
Syntax
get_dzc_field field
Abbreviation
gdzcf
Options
This command takes no options.
Arguments
This command takes the following arguments:
Argument | Type | Description |
field |
string |
Required. Specifies the case-sensitive name of the field whose value to retrieve. The possible values are:
Note that |
Getting the cmd and path field values
If you specify the cmd
and path
fields, the return value can be a string that uses wild cards (*, ?, and !), or a regular expression. If the cmd
and path
strings use wild cards, an asterisk (*) matches zero or more characters, a question mark (?) matches exactly one character, and the exclamation mark (!) negates matching of the specified string.
For both the cmd
and path
fields, the form
field indicates whether the specified string is interpreted as a regular expression or as a string that includes wild cards.
Getting environment variable field values
If you specify the keep
, del
, or add
field, the return value is a comma-separated list of environment variables. The keep
, del
, and add
fields control the environment variables used by the commands specified by the cmd
string. The keep
and del
settings are mutually exclusive:
- The
keep
field only takes effect if the flag16
is included in the setting for the flagfield
. - The
del
field only takes effect if the flag16
is not included in the setting for theflag
field.
Any environment variables kept or deleted are in addition to the default set of the user’s environment variables that are either retained or deleted. The default set of environment variables to keep is defined in the dzdo.env_keep
configuration parameter in the centrifydc.conf
file. The default set of environment variables to delete is defined in the dzdo.env_delete
configuration parameter in the centrifydc.conf
file.
The add
field returns the environment variables added to the final set of environment variables resulting from the keep
or del
fields.
Getting the command priority field value
If you specify the pri
field, the return value indicates the command priority when there are multiple matches for command strings in a command object. If there are multiple commands specified by this command object, the pri field specifies the specifies their relative priority. The higher the value returned by this field, the higher the command’s priority.
Getting the umask field value
If you specify the umask
field, the return value is a 3-digit octal value that defines who can read, write, and execute the selected command object. The three digits of the umask
field specify the read, write, or execute permission for the file owner, group, and other users. The left digit defines the owner execution rights, the middle digit defines the group execution rights, and the right digit defines execution rights for other users. Each digit is a combination of binary flags, one flag for each right as follows:
- 4 is read
- 2 is write
- 1 is execute
These values are added together to define the rights available for each entity. For example, a umask
value of 600 indicates read and write permission (4+2) for the owner, but no permissions for the group or other users. Similarly, a umask
value of 740 indicates read, write, execute permissions (4+2+1) for the owner, read permissions for the group, but no permissions for other users.
Getting command properties from the flags field value
If you specify the flags field, the return value is an integer that defines a combination of binary flags, with one flag for each of the following properties:
1—Prevents nested command execution. If this flag value is not set, nested command execution is allowed.
2—Requires authentication with the user’s password.
4—Requires authentication with the run-as user’s password.
8—Preserves group membership. If this flag value is not set, group membership is not preserved.
16—Resets environment variables for the command, deleting the variables specified in the dzdo.env_delete
parameter and keeping the variables specified in the keep
field. If this flag is not set, the command removes the unsafe environment variables specified in the dzdo.env_delete
parameter along with any additional environment variables specified by the del
field.
32—Requires multi-factor authentication to execute the command.
64—Prevents navigation up the path hierarchy when executing the command.
These values are added together to define the value for the flags
field. For example, a flags
field value of 11 indicates that nested command execution is not allowed (1), the command requires authentication using the user’s password (2), and the user’s group membership should be preserved (8). The value returned is the sum of these flags (1+2+8).
Return value
This command returns a field value, which varies in type depending on the data type stored by the field.
Examples
get_dzc_field dzdo_runas
returns: root
Related commands
Before you use this command, you must have a currently selected zone stored in memory. The following commands enable you to view and select a UNIX command to work with:
- get_dz_commands returns a Tcl list of UNIX commands in the current zone.
- list_dz_commands lists to
stdout
the UNIX commands in the current zone. - new_dz_command creates a new UNIX command and stores it in memory.
- select_dz_command retrieves a UNIX command from Active Directory and stores it in memory.
After you have a UNIX command stored in memory, you can use the following commands to work with that command:
- delete_dz_command deletes the selected command from Active Directory and from memory.
- save_dz_command saves the selected command with its current settings to Active Directory.
- set_dzc_field sets a field value in the currently selected command.