CLEARCASE_PRIMARY_GROUP variable defaults to Domain Users

Technote (troubleshooting)


Problem(Abstract)

This technote explains why setting the IBM® Rational® ClearCase® variable CLEARCASE_PRIMARY_GROUP to an invalid group no longer shows that the group is invalid, rather it defaults to the primary group set on the Windows® domain controller (Domain Users by default) when viewed from the creds or credmap utility.

Symptom

In ClearCase 2002.05.00 and 2003.06.00, setting the CLEARCASE_PRIMARY_GROUP to an invalid group no longer shows that the group is invalid when viewed from creds or credmap.

Creds defaults to the users primary group on the Domain Controller (which is Domain Users by default).

Note: For both of the following creds outputs the CLEARCASE_PRIMARY_GROUP variable is set to test1 which the user does not belong:

In 4.x versions of ClearCase when an invalid group (one that the user is not a member of) was set as the users CLEARCASE_PRIMARY_GROUP the creds output was as follows:
**********************************************************************************************

C:\Program Files\Rational\ClearCase\etc\utils>creds
Login name: DOMAIN\user1
USID: NT:S-1-5-21-141845252-1443263951-584457872-2056
*** Can't get primary group SID
*** You may not be a member of the "test1" group.
*** Can't get group info for current process primary group SID "NOBODY"
Groups: (10)
DOMAIN\user (NT:S-1-5-21-141845252-1443263951-584457872-1023)
Everyone (NT:S-1-1-0)
BUILTIN\Users (NT:S-1-5-32-545)
BUILTIN\Administrators (NT:S-1-5-32-544)
DOMAIN\Domain Users (NT:S-1-5-21-141845252-1443263951-584457872-513)
DOMAIN\Domain Admins (NT:S-1-5-21-141845252-1443263951-584457872-512)
DOMAIN\clearcase (NT:S-1-5-21-141845252-1443263951-584457872-1022)
LOCAL (NT:S-1-2-0)
NT AUTHORITY\INTERACTIVE (NT:S-1-5-4)
NT AUTHORITY\Authenticated Users (NT:S-1-5-11)

You do not have ClearCase administrative privileges.
**********************************************************************************************

In ClearCase 2002.05 patched up to 15 or higher the creds output appears as follows:
**********************************************************************************************
C:\Program Files\Rational\ClearCase\etc\utils>creds
Login name: DOMAIN\user1
USID: NT:S-1-5-21-141845252-1443263951-584457872-2056
Primary group: DOMAIN\Domain Users (NT:S-1-5-21-141845252-1443263951-584457872-1023)
Groups: (10) Everyone (NT:S-1-1-0)
HOST1\Debugger UsersT(:S-1-5-21-329068152-287218729-682003330-1006)
BUILTIN\Administrators (NT:S-1-5-32-544)
BUILTIN\Users (NT:S-1-5-32-545)
DOMAIN\users (NT:S-1-5-21-141845252-1443263951-584457872-513)
DOMAIN\Domain Admins (NT:S-1-5-21-141845252-1443263951-584457872-512)
DOMAIN\clearcase (NT:S-1-5-21-141845252-1443263951-584457872-1022)
LOCAL (NT:S-1-2-0)
NT AUTHORITY\INTERACTIVE (NT:S-1-5-4)
NT AUTHORITY\Authenticated Users (NT:S-1-5-11)

You have ClearCase administrative privileges.
**********************************************************************************************
In the above examples the primary group on the domain controller was Domain Users.
So it appears that in ClearCase 2002.05.00 patch 15 and later, creds is defaulting to the users primary domain group if the group that is set is invalid.



Cause

Defect APAR IC45699 has been submitted to investigate this issue.


Diagnosing the problem

Review technote 1135509 for more information about the CLEARCASE_PRIMARY_GROUP variable.


Resolving the problem


The decision was made by Product Management to exclude the resolution of this defect from future upgrades and releases.

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

Rational ClearCase
Environment Variables

Software version:

2002.05.00, 2003.06.00

Operating system(s):

Windows

Reference #:

1147322

Modified date:

2011-03-15

Translate my page

Machine Translation

Content navigation