Changing the ownership of a view on UNIX and Linux

Question & Answer

Question

How can I change the ownership of an IBM® Rational® ClearCase® view on UNIX® and Linux®?

Answer

The following scenario illustrates the steps required to reprotect a view on UNIX and Linux.

Changing ownership of a view requires modification of both the view file system objects and the view database entries to reflect desired ownership.

Note: Changing ownership of a view on Microsoft® Windows® cannot be done using operating system commands similar to the following due to the manner in which the ClearCase architecture interacts with the operating system. These steps will only work on UNIX and Linux.

File System Objects
View Database Objects
Results of an improper procedure

File System Objects

The file system objects include the view storage directory files and all view private files stored in the source (.s) directory.

Example: The following scenario uses the view test to illustrate the affects of the changes made.

%cleartool mkview -tag test /home/jdoe/test.vws Created view. Host-local path: host1:/home/jdoe/test.vws Global path: /net/host1/home/jdoe/test.vws It has the following rights: User : jdoe : rwx Group: ccusers : r-x Other: : r-x

Before changing the view permissions, be sure to uncheckout any elements and backup the view to maintain a history of the view-private files to avoid any problems that may occur if a restore is required.
End the view_server process for the view you wish to change ownership on using the command: cleartool endview -server testNote: When you list the view again, you should no longer see an asterisk on the far left of the line entry:

~$ cleartool lsview test test /net/host1/home/jdoe/test.vws
If you do not have /opt/rational/clearcase/etc/utils in your path, cd to that directory.
SU to root and run the fix_prot command as follows:

fix_prot -r -root -chown <username> -chgrp <group> <view_storage_path>

Note: If you need to change the permissions of ALL existing view private files, use fix_prot with the -chmod swtich:

fix_prot -r -chown <username> -chgrp <group> -chmod <desired-permission> <view_storage_path> fix_prot -root -chown <username> -chgrp <group> <view_storage_path>
Note: This utility will change the file system objects within the view storage. It will not change the view database permissions. The fix_prot utility is designed to correct inconsistencies within the VOB and View storage directories (.identity and files) in the event that they become mis-protected. Review the related information below for more details about fix_prot.

You will be prompted to confirm; type yes.

~# fix_prot -r -root -chown user2 -chgrp ccusers /net/host1/home/jdoe/test.vws CAUTION! This program reprotects every file and directory in a storage directory tree and should be used only when the protection has been damaged (e.g., through the process of copying the tree or by direct manipulation through a tool like the File Manager/Explorer). Re-protect "/home/jdoe/test.vws"? [no] yes Protecting "/home/jdoe/test.vws/db"... Protecting "/home/jdoe/test.vws/admin/view_space"... Protecting "/home/jdoe/test.vws/admin"... Protecting "/home/jdoe/test.vws/.s/00048"... Protecting "/home/jdoe/test.vws/.s/00051"... ... Protecting "/home/jdoe/test.vws/.s/00035"... Protecting "/home/jdoe/test.vws/.s"... Protecting "/home/jdoe/test.vws/.identity"... Protecting "/home/jdoe/test.vws"... Reprotection complete.
Check the .identity directory of the view storage to ensure the setuid/setgid bit (sticky bit) is applied:

INCORRECT PERMISSIONS:
~# cd /home/jdoe/test.vws/.identity ~# ls -al total 8 drwxrwxr-x 2 user2 ccusers 4096 Sep 25 05:02 . drwxrwxr-x 6 user2 ccusers 4096 Sep 25 10:08 .. -r----x--- 1 user2 ccusers 0 Sep 14 17:24 gid -r----x--- 1 user2 ccusers 0 Sep 14 17:24 group.20000 -r-------- 1 user2 ccusers 0 Sep 14 17:24 uid

Modify the permissions on the gid (including the group.xxx files that exist) and uid files if needed:

chmod 2410 gid

chmod 4400 uidCORRECT PERMISSIONS~# cd /home/jdoe/test.vws/.identity ~# ls -al total 8 drwxrwxr-x 2 user2 ccusers 4096 Sep 25 05:02 . drwxrwxr-x 6 user2 ccusers 4096 Sep 25 10:08 .. -r----s--- 1 user2 ccusers 0 Sep 14 17:24 gid -r----s--- 1 user2 ccusers 0 Sep 14 17:24 group.20000 -r-S------ 1 user2 ccusers 0 Sep 14 17:24 uid

At this point all the view file system objects have been reprotected and will reflect the ACL of the new owner.
Note: The ownership of the view file system objects is now complete. If there are also view private files, continue with the instructions on changing the view database ACLs for these files.

View Database Objects

If you need to change the permissions of SOME SPECIFIC view private file, it must be done using the UNIX/Linux chown, chgrp or chmod command while set in a view/VOB context.

%cleartool setview test test(view)%cd /vobs/VOB1 test(view)%ls -l test.txt -rw-rw-r-- 1 jdoe ccusers 5 Nov 1 10:48 test.txttest(view)%su Password: # chown user2 test.txt # exit test(view)%ls -l test.txt -rw-rw-r-- 1 user2 ccusers 15 Nov 1 11:20 test.txt

Example scenario where reprotection is performed incorrectly and the affect it has on ClearCase operations.

%cleartool mkview -tag test /home/jdoe/test.vws Created view. Host-local path: host1:/home/jdoe/test.vws Global path: /net/host1/home/jdoe/test.vws It has the following rights: User : jdoe : rwx Group: users : r-x Other: : r-x %cleartool setview test test(view)%cd /vobs/VOB1 test(view)%echo blah >test.txt

test(view)%cat test.txt
blah test(view)%ls -l test.txt -rw-rw-r-- 1 jdoe users 5 Nov 1 10:48 test.txt test(view)%mvfsstorage test.txt | xargs ls -l -rw-rw-r-- 1 jdoe users 5 Nov 1 10:48 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt

Note: The view private file ACLs match that of the view properties. These ACLs are recorded in the view database.test(view)%su Password:
# chown vobadmin /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt # chmod 644 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt # exit

test(view)%ls -l /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt -rw-r--r-- 1 vobadmin users 5 Nov 1 10:48 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txtNote: The permissions were changed to the file system object (specifcially the storage container for the view private file). The view private data container ownership changes to vobadmin.test(view)%ls -l test.txt -rw-rw-r-- 1 jdoe users 5 Nov 1 10:48 test.txt
Note: The ACLs have not changed on the view private file in the VOB context (neither the owner or the permissions). This information is stored in the view database and cannot be changed using file system commands outside of the view/VOB context.# su jdoe
test(view)%echo blah >>test.txt test(view)%cat test.txt
blah
blahNote: The original user (jdoe) can still write to file, although the data container permissions are set to not allow it.
# su vobadmin
Password: test(view)%ls -l test.txt -rw-rw-r-- 1 jdoe users 10 Nov 1 10:51 test.txt test(view)%mvfsstorage test.txt | xargs ls -l -rw-r--r-- 1 vobadmin users 10 Nov 1 10:51 /home/jdoe/test.vws/.s/00038/800000034548c1cctest.txt test(view)%echo blah >>test.txt zsh: permission denied: test.txt test(view)%id uid=4009(vobadmin) gid=16148(web_ts_ccase)Note: The new owner (vobadmin) does not have permission to write to this view private file, despite the data container permissions.test(view)%chown vobadmin test.txt test.txt: Permission denied test(view)%chgrp web_ts_ccase test.txt test.txt: Permission denied

Note: The new owner (vobadmin) cannot change the permission of this view private file, despite the data container permissions.The only solution is to chown the file within a view/VOB context.
test(view)%su Password: # chown vobadmin test.txt # su vobadmin test(view)%echo blah >>test.txt

test(view)%cat test.txt
blah
blah
blah test(view)%ls -l test.txt -rw-rw-r-- 1 vobadmin users 15 Nov 1 11:20 test.txtNote: After a chown is run on the view private file in a VOB context, the new view owner is able to write to the file.

Related Information

Adding groups to a view group list on UNIX and Linux

About fix_prot

[{"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"View: Dynamic","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF015","label":"IRIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"}],"Version":"7.0;7.0.1;7.1;7.1.2;8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Tips

Changing the ownership of a view on UNIX and Linux

Question & Answer

Question

Answer

Related Information

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?