Use the get_role_rs_env command to return the restricted shell environment from the currently selected role that is stored in memory.

The get_role_rs_env command does not query the data stored in Active Directory for the role. If you change the restricted shell environment in ADEdit without saving the role to Active Directory, the value you retrieve using get_role_rs_env won’t match the same value for the role that is stored in Active Directory.

You can only use the get_role_rs_env command if the currently selected zone is a classic4 zone. The command does not work in other types of zones.

Zone type

Classic only






This command takes no options.


This command takes no arguments.

Return value

This command returns the restricted shell environment of the currently selected role if it runs successfully. If the currently selected role does not require a restricted shell environment, the command returns nothing.



This example returns the restricted shell environment if it exists for the selected role:


Related commands

Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select the role to work with:

  • get_roles returns a Tcl list of roles in the current zone.
  • list_roles lists to stdout the roles in the currently selected zone.
  • new_role creates a new role and stores it in memory.
  • select_role retrieves a role from Active Directory and stores it in memory.

After you have a role stored in memory, you can use the following commands to work with restricted shells:

  • list_rs_envs lists to stdout the restricted shell environments.
  • new_rs_env creates a new restricted shell environment and stores it in memory.
  • save_rs_env saves the restricted shell environment to Active Directory.
  • select_rs_env retrieves a restricted shell environment from Active Directory and stores it in memory.