DirectControl 5.2.3 on all platforms
When run as user audited by Centrify Direct Audit, 'dzdo -i' will get cdash instead of that user's original shell, thus failed the dzcmd check and user has to set and assign one more dzcmd for this.
The error below was given when failed stating that the shell is changed to use centrifyda:
Sorry, user xxxx is not allowed to execute '/bin/centrifyda -c ./test_dzdo.sh' as root on xxxx.
If a new command definition includes the centrifyda shell, the command can then be executed successfully.
The command will also run successfully if the dzdo is called without the "-i" parameter.
In previous release, when command level auditing is enabled then "dzdo -i" will fail until the right to run /bin/centrifyda or the audited shells command rights are granted to the role.
The issue is fixed to work with command auditing for DA in Suite 2015 or newer such that the audited command that using known shell can be run without granting the command rights to run the audited shell.
Note that, command rights still need to be granted to /bin/centrifyda when unknown shell is used in running the command.
This is now fixed in Server suite 2016.