add_command_to_role

Use the add_command_to_role command to add a privileged UNIX command to the currently selected role that is stored in memory. The command must already exist. You can create privileged UNIX commands using new_dz_command.

The add_command_to_role command does not change the role as it is stored Active Directory. Running the command changes the role only in memory. You must save the role before the added command takes effect in Active Directory. If you select another role or quit ADEdit before saving the role, any commands you’ve added since the last save won’t take effect.

Zone Type

Classic and hierarchical

Syntax

add_command_to_role command[/zonename]

Abbreviation

acr

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description
command[/zonename] string Required. Specifies the name of an existing UNIX command to add to the currently selected role. If the UNIX command right that you want to add is defined in the current zone, the zonename argument is optional. If the UNIX command right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific UNIX command right to add.

Return Value

This command returns nothing if it runs successfully.

Examples

add_command_to_role basicshell/global

This example adds the command basicshell, defined in the global zone, to the currently selected role.

Related Commands

Before you use this command, you must have a currently selected role stored in memory. The following commands enable you to view and select a role to work with:

  • get_role_commands returns a Tcl list of the UNIX commands for the role.
  • new_role creates a new role.
  • select_role retrieves a role from Active Directory.

The following commands enable you to work with a currently selected role:

  • add_pamapp_to_role adds a PAM application to the role.
  • delete_role deletes the selected role from Active Directory and from memory.
  • get_role_apps returns a Tcl list of the PAM applications for the role.
  • get_role_field reads a field value from the role.
  • list_role_rights lists of all privileged commands and PAM application rights for the role.
  • remove_command_from_role removes a UNIX command from the role.
  • remove_pamapp_from_role removes a PAM application from the role.
  • save_role saves the selected role with its current settings to Active Directory.
  • set_role_field sets a field value in the role.