IBM Support

Summary of protection commands and utilities used with ClearCase

Technote (FAQ)


Question

What documentation is available for various commands and utilities to find, fix or change the protections in IBM® Rational® ClearCase® VOBs and views?

Answer

For more information on these commands, refer to IBM Rational ClearCase Administrator's Guide and or IBM Rational ClearCase Command Reference.
Utilities for Finding and Changing Protections

Rational ClearCase includes three utility programs for finding and changing VOB and view storage directory protections:

fix_prot (utility, located in <clearcase home>/etc/utils)
This utility affects the file system objects (for example the source containers) of a view or VOB. The fix_prot utility actually adjusts the Microsoft® Windows® permissions (ACL's) and the UNIX® or Linux® permissions to the .vbs directory in a way that ClearCase can understand.

More information can be found in the IBM Rational ClearCase Administrator's Guide in the Troubleshooting section.

  • Common scenarios: Repairing permissions damaged when the computer crashed; repairing permissions after a VOB or view is moved to a new location.

Example syntax can be seen in technote 1142606.


vob_sidwalk (utility, located in the <clearcase home>/etc/utils directory)
This utility fixes storage directory protections for schema version 54 VOBs. It can also be used to change ownership on VOB objects.

Review the ClearCase Command Reference Guide on the topic of vob_sidwalk ( cleartool man vob_sidwalk) for more information.
  • Common scenarios: adjusting the groups after changing the domain name; fixing a recreated group

Example syntax can be seen in technote 1256390.


lsacl (utility, located in the <clearcase home>/etc/utils directory)
This utility (Windows only) displays NTFS ACLs for file system objects.

More information can be found in the Administrator's Guide in the Troubleshooting section.
  • Common scenarios: Troubleshooting permissions damaged when the computer crashed; troubleshooting permissions after a VOB or view is moved to a new location.



Cleartool Commands for Changing Protections

The ClearCase cleartool command includes three subcommands for changing VOB storage and VOB object protections:

protectvob (cleartool subcommand, run as "cleartool protectvob")
The protectvob command manages the ownership and group membership of the files and directories in a VOB, by changing the OS-level permissions on files and directories within the VOB storage area.

Review the ClearCase Command Reference Guide on the topic of protectvob ( cleartool man protectvob) for more information.
  • Common scenarios: Adding, removing or changing a group to the VOB's group list; changing the VOB owner. The "-nremote" switch for protectvob allows you to disable privileged vob access by remote users and require any privileged user to be logged on to the vob server host to perform a privileged operation. However, this restriction on remote commands only applies to the actual "protectvob" command. To restrict the use of other commands a trigger would need to be implemented.

protect (cleartool subcommand, run as "cleartool protect")
The protect command sets the owner, group, or permissions for elements, shared derived objects, or VOB objects which are maintained in the VOB database.

The main use of protect is to control access by standard programs to an element or object's data. For example, you can make some elements readable by anyone and make others readable by only their group members.

Review the ClearCase Command Reference Guide on the topic of protect (cleartool man protect) for more information.

  • Common scenarios: Changing an element's owner; changing the group on a derived object; changing the group on a branch, label or other metadata; adding or removing the r-w-x permissions for an element.

For example, you can fix the permissions or ownership of an element by using "cleartool protect"

While set into a view an VOB:

cleartool protect -chown <new-owner> -chgrp <newgroup> -chmod <new-permissions> <desired-element>

cleartool protect -chown marshall -chgrp users -chmod 770 john.txt


In the example above the account owner "marshall" and group "users" are being assigned to the file element "john.txt" and the permissions are set to 770.

Below you have another example of recursively changing only the permissions of a specific directory structure.

cleartool protect -r -chmod 775 <directory>



checkvob (cleartool subcommand, run as "cleartool checkvob")
The checkvob command looks for inconsistencies within and between VOBs. It can find and fix problems with storage pools, hyperlinks, and global types in an administrative VOB hierarchy. Checkvob can also find and fix inconsistencies between PVOBs, components, and an optional ClearQuest database in a UCM environment.

Review the ClearCase Command Reference Guide on the topic of checkvob (cleartool man checkvob) for more information.

  • Common scenarios: Checking the condition of a VOB on a server that crashed; double-checking after restoring a VOB from backup.


Documentation

Related information

About ClearCase permissions on Windows
About Additional Groups in the VOBs group list
VOB root permissions affect additional groups
Max groups can cause protectvob -add_group to fail
Adding groups to a view's group list on UNIX and Linux
About the creds utility
About the CLEARCASE_PRIMARY_GROUP variable
About changing the ownership of a VOB and its objects

Cross reference information
Segment Product Component Platform Version Edition
Software Development Rational ClearCase Utilities and Tools

Document information

More support for: Rational ClearCase
Utilities and Tools

Software version: 7.0, 7.0.1, 7.1, 7.1.1, 8.0, 8.0.1

Operating system(s): AIX, HP-UX, IRIX, Linux, Solaris, Windows

Reference #: 1211784

Modified date: 20 September 2010