Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3057: How to allow local UNIX users to execute root equivalent commands via dzdo.

Authentication Service ,  

12 April,16 at 11:08 AM

Applies to: Centrify DirectControl 5.1.0 and higher.



There are users that are still local to the UNIX environment and does not have an account in Active Directory.

How can these local UNIX users be allowed to have access and/or privileges to run specific root like commands via dzdo?




In CentrifySuite 2013 (5.1.0), roles can be assigned to both Active Directory users and local UNIX and Windows users if the role is configured to allow assignments to local users.


Note: This configuration is not available in previous versions of Centrify DirectControl.


In the Centrify DirectManage Access Manager (Centrify DirectControl console in earlier versions):


1) When creating a role, configure it to allow local user account by checking the box: "Allow adding local accounts to this role" 

Note: PAM Access and SSH Rights are not applicable to local accounts. A role accept local accounts will not contain any of these rights. 


2) To this role, assign the rights (command) to allow for the local UNIX users via dzdo. 


3) In the Role assignment, add the local UNIX users account to the role. 


For more information on creating Role for local UNIX user account, please refer the documentation : 

Administrator’s Guide for UNIX: Chapter 10 - Authorizing users (page 175-178)