Beginning in release 184.108.40.206, ClearCase can recognize more than 16 groups per user account for certain operating system configurations.
Server-side group substitution
As of ClearCase release 220.127.116.11, the ClearCase administrator can configure VOB and view server hosts to recognize more than 16 groups per user account.
When the feature is enabled, ClearCase servers ignore the group list sent from a client and substitute a group list obtained from the local operating system. This behavior is modeled on that of the NFS servers in Solaris 11.3 (and later) and Linux kernel 2.6.21 (and later),
Because ClearCase uses NFS access to the VOB/view server hosts, the NFS servers on those hosts must also be configured to substitute the group list from the local operating system.
ClearCase support for this feature is limited to the following configurations:
- VOBs at feature level 8 or higher, with ACLs enabled
- VOB, view, and/or CCRC WAN server running Solaris 11.3 or later
- VOB and view storage pools on directly-attached or SAN-attached storage on the server host (not on NAS)
- Kernel configured to support extra groups: /etc/system should list the maximum number of groups per user account, such as:
- Dynamic or snapshot view clients running Linux, SLES 11 or later
- Web or automatic view clients running a release compatible with 18.104.22.168 CCRC WAN server
Enabling the server-side group substitution behavior
Once the VOB/view/WAN servers are configured for more groups per user and running 22.214.171.124, the administrator can enable the feature by creating a text file /var/adm/rational/clearcase/config/server_group_lifetime
containing the number of seconds a server process should cache the group membership list of each user. The first time a process receives an RPC from a user, it queries the operating system for the user account's group list. Subsequent RPCs to the same process use the cached results until the entry expires.
If the server_group_lifetime file does not exist, or its value is 0, the server processes use the original behavior: using the list of groups provided by the RPC client.
After modifying the server_group_lifetime file, the administrator must restart ClearCase for the revised setting to take effect.
20 November 2018