CdmCommandRight

Represents a UNIX command right. This object is only applicable in hierarchical zones. The following properties are defined for this object.

| Property | Type | Description |
|---|---|---|
| AddVar | string | Comma-separated list of environment variable name-value pairs to add to the final list resulting from the KeepVar or DeleteVar property (for example, "var1=a,var2=b,var3=c"). |
| Authentication | string | The authentication type of the command right: none, user, or runastarget. |
| DeleteVar | string | Comma-separated list of environment variables to remove from the default set when the command is run. |
| Description | string | Description of the command right. |
| Digests | string | Specifies SHA-2 digests so that sudo can verify the binary's checksum before executing the binary. Supported hash types: sha224, sha256, sha384, sha512. |
| DzdoRunAsGroup | string | Comma-separated list of groups allowed to run this command using dzdo (for example, "group1,group2,group3"). The asterisk wildcard (*) means any group enabled for the zone can run the command. An empty string ("") means the command cannot run as any group. |
| DzdoRunAsUser | string | Comma-separated list of users allowed to run this command using dzdo (for example, "user1,user2,user3"). The asterisk wildcard (*) means any user enabled for the zone can run the command. An empty string ("") means the command cannot run as any user. |
| DzshRunas | string | The user this command will run as under dzsh; '$' means the current user. |
| IsAllowNested | Boolean | True if the command is allowed to start another program or open a new shell. |
| IsDisablePathTraverse | Boolean | True if the command does not allow navigation up the path hierarchy as an argument. |
| IsPreserveGroup | Boolean | True to retain the user's group membership while executing a command. |
| IsRequireMfa | Boolean | Indicates whether the command right requires multi-factor authentication. |
| KeepVar | string | Comma-separated list of environment variables to keep, in addition to those in dzdo.env_keep, when the command is run. |
| MatchPath | string | The path for matching the command. |
| Name | string | Name of the command right. |
| Pattern | string | Command pattern for matching the command. |
| PatternType | string | The type of pattern (glob or regexp) used to match the command. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Priority | int | Priority for this command; highest priority prevails. |
| SELinuxRole | string | Sets the SELinux security context to use the specified role when executing a command using dzdo or dzsh. Applies to command rights on Red Hat Enterprise Linux systems that have SELinux enabled and are joined to a hierarchical zone. |
| SELinuxType | string | Sets the SELinux security context to use the specified type when executing a command using dzdo or dzsh. Applies to command rights on Red Hat Enterprise Linux systems that have SELinux enabled and are joined to a hierarchical zone. |
| UMask | string | User file-creation mode mask (umask) value that defines who can execute the command. |
| Zone | CdmZone | Zone of the command right. |
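
The following is an added example, not part of the original reference or the product's own code: a review helper that reads the properties documented above and reports command rights that are broader than least privilege would suggest. `Test-CommandRightRisk`, the sample objects, and the choice of checks are assumptions made for this example; in practice the input would be the command right objects returned by the module.

```powershell
# Added example: Test-CommandRightRisk is a hypothetical helper, and the
# checks are review heuristics chosen for this example, not product rules.
function Test-CommandRightRisk {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [psobject] $Right)
    process {
        $findings = [System.Collections.Generic.List[string]]::new()
        # Run-as lists are comma-separated; * means any user/group in the zone.
        foreach ($prop in 'DzdoRunAsUser', 'DzdoRunAsGroup') {
            $entries = @("$($Right.$prop)" -split ',' | ForEach-Object { $_.Trim() })
            if ($entries -contains '*') { $findings.Add("$prop contains the * wildcard") }
        }
        if ($Right.Authentication -eq 'none') { $findings.Add('Authentication is none') }
        if ($Right.IsAllowNested) { $findings.Add('may start another program or shell') }
        if (-not $Right.IsDisablePathTraverse) { $findings.Add('path traversal in arguments allowed') }
        if (-not $Right.IsRequireMfa) { $findings.Add('MFA not required') }
        if ([string]::IsNullOrWhiteSpace($Right.Digests)) { $findings.Add('no SHA-2 digest set') }
        [pscustomobject]@{
            Name     = $Right.Name
            Priority = $Right.Priority
            Findings = $findings.ToArray()
        }
    }
}

# Constructed sample objects carrying the property names documented above.
$sample = @(
    [pscustomobject]@{
        Name = 'restart-web'; Priority = 10; Authentication = 'user'
        DzdoRunAsUser = 'root'; DzdoRunAsGroup = ''
        IsAllowNested = $false; IsDisablePathTraverse = $true; IsRequireMfa = $true
        Digests = '<sha256 digest placeholder>'
    }
    [pscustomobject]@{
        Name = 'edit-any-file'; Priority = 50; Authentication = 'none'
        DzdoRunAsUser = 'oracle, *'; DzdoRunAsGroup = '*'
        IsAllowNested = $true; IsDisablePathTraverse = $false; IsRequireMfa = $false
        Digests = ''
    }
)

# Highest Priority prevails, so review the flagged rights in that order.
$sample | Test-CommandRightRisk |
    Where-Object { $_.Findings.Count -gt 0 } |
    Sort-Object Priority -Descending |
    Format-Table Name, Priority, @{ n = 'Findings'; e = { $_.Findings -join '; ' } } -Wrap
```

With the constructed input, only `edit-any-file` is listed, with seven findings; `restart-web` passes every check and is filtered out.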