Testing Command Rights

After command rights have been defined, added to role definitions, and assigned, you can use dzinfo --test “command” to check whether you have permission to execute a specific command. You can use the dzinfo username --test “command” command to check whether a specified user has permission to run a specified command. If you want to use the dzinfo program to view command rights for other users, however, you must have root permission.

To check for command rights, you must enter the complete path to the command and enclose the command in single or double quotes. For example, to test whether the user, qa1 has a command right that allows execution of the id command as root, you could run the following command on a Linux or UNIX computer:

[user1@rh5]# dzinfo qa1 --test “/bin/id”

Depending on the role definition and the user’s role assignment, the command might display information similar to this:

Testing: User = qa1 command = /bin/id

User qa1 can run the command as 'root' via dzdo, authentication will not be required, noexec mode is off