Question & Answer
Question
How can I change the ownership of an IBM® Rational® ClearCase® view on UNIX® and Linux®?
Answer
The following scenario illustrates the steps required to reprotect a view on UNIX and Linux.
Changing ownership of a view requires modification of both the view file system objects and the view database entries to reflect desired ownership.
Note: Changing ownership of a view on Microsoft® Windows® cannot be done using operating system commands similar to the following due to the manner in which the ClearCase architecture interacts with the operating system. These steps will only work on UNIX and Linux.
File System Objects
The file system objects include the view storage directory files and all view private files stored in the source (.s) directory.
Example: The following scenario uses the view test to illustrate the affects of the changes made.
%cleartool mkview -tag test /home/jdoe/test.vws
Created view.
Host-local path: host1:/home/jdoe/test.vws
Global path: /net/host1/home/jdoe/test.vws
It has the following rights:
User : jdoe : rwx
Group: ccusers : r-x
Other: : r-x
- Before changing the view permissions, be sure to uncheckout any elements and backup the view to maintain a history of the view-private files to avoid any problems that may occur if a restore is required.
- End the view_server process for the view you wish to change ownership on using the command:
cleartool endview -server test
Note: When you list the view again, you should no longer see an asterisk on the far left of the line entry:
~$ cleartool lsview test
test /net/host1/home/jdoe/test.vws
- If you do not have /opt/rational/clearcase/etc/utils in your path, cd to that directory.
- SU to root and run the fix_prot command as follows:
fix_prot -r -root -chown <username> -chgrp <group> <view_storage_path>
Note: If you need to change the permissions of ALL existing view private files, use fix_prot with the -chmod swtich:
fix_prot -r -chown <username> -chgrp <group> -chmod <desired-permission>
<view_storage_path>
fix_prot -root -chown <username> -chgrp <group> <view_storage_path>
Note: This utility will change the file system objects within the view storage. It will not change the view database permissions. The fix_prot utility is designed to correct inconsistencies within the VOB and View storage directories (.identity and files) in the event that they become mis-protected. Review the related information below for more details about fix_prot.
You will be prompted to confirm; type yes.
~# fix_prot -r -root -chown user2 -chgrp ccusers /net/host1/home/jdoe/test.vws
CAUTION! This program reprotects every file and directory in a
storage directory tree and should be used only when the
protection has been damaged (e.g., through the process of copying the tree or by direct manipulation through a tool like the File Manager/Explorer).
Re-protect "/home/jdoe/test.vws"? [no] yes
Protecting "/home/jdoe/test.vws/db"...
Protecting "/home/jdoe/test.vws/admin/view_space"...
Protecting "/home/jdoe/test.vws/admin"...
Protecting "/home/jdoe/test.vws/.s/00048"...
Protecting "/home/jdoe/test.vws/.s/00051"...
...
Protecting "/home/jdoe/test.vws/.s/00035"...
Protecting "/home/jdoe/test.vws/.s"...
Protecting "/home/jdoe/test.vws/.identity"...
Protecting "/home/jdoe/test.vws"...
Reprotection complete.
- Check the .identity directory of the view storage to ensure the setuid/setgid bit (sticky bit) is applied:
INCORRECT PERMISSIONS:
~# cd /home/jdoe/test.vws/.identity
~# ls -al
total 8
drwxrwxr-x 2 user2 ccusers 4096 Sep 25 05:02 .
drwxrwxr-x 6 user2 ccusers 4096 Sep 25 10:08 ..
-r----x--- 1 user2 ccusers 0 Sep 14 17:24 gid
-r----x--- 1 user2 ccusers 0 Sep 14 17:24 group.20000
-r-------- 1 user2 ccusers 0 Sep 14 17:24 uid
Modify the permissions on the gid (including the group.xxx files that exist) and uid files if needed:
chmod 2410 gid
chmod 4400 uid
CORRECT PERMISSIONS
~# cd /home/jdoe/test.vws/.identity
~# ls -al
total 8
drwxrwxr-x 2 user2 ccusers 4096 Sep 25 05:02 .
drwxrwxr-x 6 user2 ccusers 4096 Sep 25 10:08 ..
-r----s--- 1 user2 ccusers 0 Sep 14 17:24 gid
-r----s--- 1 user2 ccusers 0 Sep 14 17:24 group.20000
-r-S------ 1 user2 ccusers 0 Sep 14 17:24 uid
At this point all the view file system objects have been reprotected and will reflect the ACL of the new owner.
Note: The ownership of the view file system objects is now complete. If there are also view private files, continue with the instructions on changing the view database ACLs for these files.
View Database Objects
If you need to change the permissions of SOME SPECIFIC view private file, it must be done using the UNIX/Linux chown, chgrp or chmod command while set in a view/VOB context. |
%cleartool setview test
test(view)%cd /vobs/VOB1
test(view)%ls -l test.txt
-rw-rw-r-- 1 jdoe ccusers 5 Nov 1 10:48 test.txt
test(view)%su
Password:
# chown user2 test.txt
# exit
test(view)%ls -l test.txt
-rw-rw-r-- 1 user2 ccusers 15 Nov 1 11:20 test.txt
Example scenario where reprotection is performed incorrectly and the affect it has on ClearCase operations.
%cleartool mkview -tag test /home/jdoe/test.vws
Created view.
Host-local path: host1:/home/jdoe/test.vws
Global path: /net/host1/home/jdoe/test.vws
It has the following rights:
User : jdoe : rwx
Group: users : r-x
Other: : r-x
%cleartool setview test
test(view)%cd /vobs/VOB1
test(view)%echo blah >test.txt
test(view)%cat test.txt
blah
test(view)%ls -l test.txt
-rw-rw-r-- 1 jdoe users 5 Nov 1 10:48 test.txt
test(view)%mvfsstorage test.txt | xargs ls -l
-rw-rw-r-- 1 jdoe users 5 Nov 1 10:48 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt
Note: The view private file ACLs match that of the view properties. These ACLs are recorded in the view database.
test(view)%su
Password:
# chown vobadmin /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt
# chmod 644 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt
# exit
test(view)%ls -l /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt
-rw-r--r-- 1 vobadmin users 5 Nov 1 10:48 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt
Note: The permissions were changed to the file system object (specifcially the storage container for the view private file). The view private data container ownership changes to vobadmin.
test(view)%ls -l test.txt
-rw-rw-r-- 1 jdoe users 5 Nov 1 10:48 test.txt
Note: The ACLs have not changed on the view private file in the VOB context (neither the owner or the permissions). This information is stored in the view database and cannot be changed using file system commands outside of the view/VOB context.
# su jdoe
test(view)%echo blah >>test.txt
test(view)%cat test.txt
blah
blah
Note: The original user (jdoe) can still write to file, although the data container permissions are set to not allow it.
# su vobadmin
Password:
test(view)%ls -l test.txt
-rw-rw-r-- 1 jdoe users 10 Nov 1 10:51 test.txt
test(view)%mvfsstorage test.txt | xargs ls -l
-rw-r--r-- 1 vobadmin users 10 Nov 1 10:51 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt
test(view)%echo blah >>test.txt
zsh: permission denied: test.txt
test(view)%id
uid=4009(vobadmin) gid=16148(web_ts_ccase)
Note: The new owner (vobadmin) does not have permission to write to this view private file, despite the data container permissions.
test(view)%chown vobadmin test.txt
test.txt: Permission denied
test(view)%chgrp web_ts_ccase test.txt
test.txt: Permission denied
Note: The new owner (vobadmin) cannot change the permission of this view private file, despite the data container permissions.
The only solution is to chown the file within a view/VOB context.
test(view)%su
Password:
# chown vobadmin test.txt
# su vobadmin
test(view)%echo blah >>test.txt
test(view)%cat test.txt
blah
blah
blah
test(view)%ls -l test.txt
-rw-rw-r-- 1 vobadmin users 15 Nov 1 11:20 test.txt
Note: After a chown is run on the view private file in a VOB context, the new view owner is able to write to the file.
Related Information
[{"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"View: Dynamic","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF015","label":"IRIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"7.0;7.0.1;7.1;7.1.2;8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21147171