remove_command_from_role

Use the remove_command_from_role command to remove a UNIX command from the currently selected role stored in memory.

The remove_command_from_role command does not change the role as it is stored in Active Directory. You must save the role before the removed command takes effect in Active Directory. If you select another role or quit ADEdit before saving the role, any UNIX commands you have removed since the last save won’t take effect.

You can only use the remove_command_from_role command if the currently selected zone is a classic4 or hierarchical zone. The command does not work in other types of zones.

Zone type

Classic and hierarchical

Syntax

remove_command_from_role command[/zonename]

Abbreviation

rcfr

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

command[/zonename]

string

Required. Specifies the name of a UNIX command to remove from the currently selected role.

If the UNIX command that you want to remove is defined in the current zone, the zonename argument is optional. If the UNIX command right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific command to remove.

Return value

This command returns nothing if it runs successfully.

Examples

remove_command_from_role basicshell/global

This example removes the UNIX command named basicshell, which is defined in the global zone, from the currently selected role.

Related commands

Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select the role to work with:

  • get_roles returns a Tcl list of roles in the current zone.
  • list_roles lists to stdout the roles in the current zone.
  • new_role creates a new role and stores it in memory.
  • select_role retrieves a role from Active Directory and stores it in memory.

After you have a role stored in memory, you can use the following commands to work with that role:

  • add_command_to_role adds a UNIX command to the current role.
  • add_pamapp_to_role adds a PAM application to the current role.
  • delete_role deletes the selected role from Active Directory and from memory.
  • get_role_apps returns a Tcl list of the PAM applications associated with the current role.
  • get_role_commands returns a Tcl list of the UNIX commands associated with the current role.
  • list_role_rights returns a list of all UNIX commands and PAM applications associated with the current role.
  • remove_pamapp_from_role removes a PAM application from the current role.
  • save_role saves the selected role with its current settings to Active Directory.
  • set_role_field sets a field value in the current role.