Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-6400: Unable to set Environment variable using DZDO as root

Authentication Service ,  

12 April,16 at 10:39 AM

Applies to:
CDC version 5.2.3 on All Platforms

Problem:
Unable to set Environment variable using DZDO as root

root@angmar:~$ dzdo LD_LIBRARY_PATH=ahooo/wahooo ls
>dzdo: sorry, you are not allowed to set the following environment variables: LD_LIBRARY_PATH

Cause:
In current dzdo codes, upon the default hard-coded env_* lists, 
we always update by appending the dzcmd/dzdo.env_* data to them, not replacing.

Workaround:
For such lists settings, do clear then add rather than append.
Note: for sudoers: the lists can be replaced, added to, deleted from, or disabled 
by using the =, +=, -=, and ! operators respectively.
we support only as '=' now after this fix, and support as '+=' before.

Resolution:
In Suite 2016 release, the customizing environment variables for command execution through dzdo commands settings or centrifydc.conf options, the listed set values replaces the existing list rather than be added onto them in prior releases. Please note this may affect the current dzdo use, for example, if a machine has centrifydc.conf option 'dzdo.env_keep' set as 'dzdo.env_keep: VAR', then now only 'VAR' is in the list to be kept, all others in the default list such as 'PATH', 'KRB5CCNAME' will be removed. User may need to check and update them for this.
 
Note that only the environment variables you explicitly specify are retained and those environment variables will replace the default set of environment variables, rather than append the default set of environment variables. You can use Access Manager or dzdo.env_* configuration parameters in the centrifydc.conf file to control the list of environment variables to use when executing commands. For example, you can set the dzdo.env_keep configuration parameter in the centrifydc.conf file to keep a specific set of environment variables like this: dzdo.env_keep: VAR 
With this setting, only the VAR environment variable is defined for the list of environment variables to keep. All other environment variables, including the default list of user environment variables—such as PATH and KRB5CCNAME—are removed.



 

Related Articles

 articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6038: How to specify the license type to use when joining the server to AD using adjoin? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-3925: How to add Centrify parameter to a group policy article[Labs] Integrating ServiceNow Approvals to Centrify-enhanced sudo using the dzdo validator