get_role_commands command to return a Tcl list of UNIX commands associated with the currently selected role. The
get_role_commands command does not query Active Directory for the role. If you change commands associated with the current role using ADEdit without saving the role to Active Directory, the commands you retrieve using
get_role_commands won’t match the same commands for the role stored in Active Directory.
You can only use the
get_role_commands command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.
Classic and hierarchical
This command takes no options.
This command takes no arguments.
This command returns a Tcl list of commands associated with the currently selected role. Each command in the list shows the command name followed by a slash (/) and the zone in which the command is defined.
This example returns the list of commands:
pwd/global ls/global cd/childzone1
Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select the role to work with:
- get_roles returns a Tcl list of roles in the current zone.
- list_roles lists to
stdoutthe roles in the current zone.
- new_role creates a new role and stores it in memory.
- select_role retrieves a role from Active Directory and stores it in memory.
After you have a role stored in memory, you can use the following commands to work with that role’s attributes, delete the role, or save information for the role:
- add_command_to_role adds a UNIX command to the currently selected role.
- add_pamapp_to_role adds a PAM application to the currently selected role.
- delete_role deletes the selected role from Active Directory and from memory.
- get_role_apps returns a Tcl list of the PAM applications associated with the currently selected role.
- get_role_field reads a field value from the currently selected role.
- list_role_rights returns a list of all UNIX commands and PAM applications associated with the currently selected role.
- remove_command_from_role removes a UNIX command from the currently selected role.
- remove_pamapp_from_role removes a PAM application from the currently selected role.
- save_role saves the selected role with its current settings to Active Directory.
- set_role_field sets a field value in the currently selected role.