protectvob
Changes various properties of a VOB
Applicability
Product |
Command type |
|---|---|
ClearCase® |
cleartool subcommand |
Platform |
|---|
UNIX |
|
Linux |
Windows |
Synopsis
- Change various properties of a VOB:
- protectvob [ –f/orce ] [ –cho/wn login-name ] [ –chg/rp group-name ]
- [ –add/_group group-name[,...]
[ –del/ete_group group-name[,...]
]
[ –ato/mic_checkin | –nato/mic_checkin ]
[ –srfm | –nsrfm ]
[ –evil_twin | –evil_twin_warn | –nevil_twin ]
[ –evil_twin_case_sens | –nevil_twin_case_sens ]
{ vob-storage-dir-pname | pname-in-vob } ...
- Disable or enable certain types of VOB access:
- protectvob [ –rem/ote_admin | –nrem/ote_admin ]
[ –enable_acls ]
[ –min_client_flevel client-flevel ]
{ vob-storage-pname | pname-in-vob } ...
Description
- UNIX system or Linux: root
- Windows: local administrator, VOB owner, or member of the ClearCase group
Ownership and group membership. The protectvob command can be used to manage the ownership and group membership of the files and directories in a VOB by changing the OS-level permissions on files and directories within the VOB storage area. However, protectvob does not change permissions on the file .hostname; you must change its permissions manually after using protectvob. If you specify no options, protectvob checks pool permissions and offers to repair them.
This command also allows you to disable privileged VOB access by remote users and require any privileged user to be logged on to the VOB server host to perform a privileged operation (for example, modifying an object that is owned by another user or group).
Atomic checkin operations. The options -atomic and -natomic enable and disable atomic checkin operations. If atomic checkins are enabled, checkin must succeed for all elements specified by a checkin operation; else the checkin operation fails for all elements.
Evil twin management. Options of the form *evil* are used to manage evil twins, which are elements of the same name that have been created in different versions of the same directory element.
- Stop synchronization among identities-preserving replicas in the family. Make sure that all update packets have been imported.
- Run protectvob -chown or protectvob -chgrp on all identities-preserving replicas in the family. You must use the same options and arguments in each command.
- Restart synchronization.
Replicated VOB: enabling synchronous requests for mastership. Synchronous request for mastership (SRFM) allows a user to check out a file or directory that is not mastered at the user's VOB replica. A request for mastership of the branch is issued to the mastering replica synchronously with the checkout operation if SRFM has been enabled at the requesting replica. SRFM must be enabled at all replicas that are intended to support SRFM.
Restrictions
Identities
You must have one of the following identities:
- root (UNIX or Linux)
- Local administrator of the VOB server host (Windows).
- Member of the ClearCase administrators group (when using the -nremote_admin or -remote_admin options on Windows.)
Locks
An error occurs if one or more of these objects are locked: VOB.
Mastership
(Replicated VOBs only) No mastership restrictions.
Options and arguments
Confirmation step
- Default
- protectvob asks for confirmation before changing the permissions in one or more storage pools.
- –for/ce
- Suppresses the confirmation step.
Changing VOB ownership
- Default
- None. You can use –chown by itself or in combination with
–chgrp. Note: On Windows, a member of the Backup Operators or Administrators group can change ownership of any VOB with protectvob –chown. If you are the VOB owner, you can change ownership of that VOB by running protectvob –chown user as yourself, and then logging in as user and running protectvob –force vob-storage-pname with no other options.
- –cho/wn user
- Specifies a new VOB owner, who becomes the owner of all the VOB's storage pools and all of the
data containers in them. user can be a login name or one of the following:
On UNIX and Linux, a numeric user ID. protectvob rebuilds the .identity subdirectory of the VOB storage directory, reflecting the new VOB owner's user ID, group ID, and additional groups (if any).
On Windows, the numeric user ID displayed by ccase-home-dir\etc\utils\creds username (this is not the same as the Windows Security Identifier). protectvob rebuilds the Security Descriptor on the VOB root directory (on NTFS only) and the identity.sd and group.sd files in the VOB storage directory, reflecting the new VOB owner's user ID, group ID, and additional groups (if any).
- –ch/grp group
- Specifies a new principal group for the VOB. group can be a group name or one
of the following:
On UNIX and Linux, a numeric group ID.
On Windows, the numeric group ID displayed by ccase-home-dir\etc\utils\creds –g groupname.
Maintaining the secondary group list
- Default
- None. You can use –add_group and –delete_group singly, or together.
- –add/_group group[,...]
- Adds one or more groups to the VOB's secondary group list. group can be a
group name or one of the following:
On UNIX and Linux, a numeric group ID.
On Windows, a numeric group ID displayed by ccase-home-dir\etc\utils\creds –g groupname (Windows).
You must enclose group names that contain spaces in double quotes.
- –del/ete_group group[,...]
- Deletes one or more groups from the VOB's secondary group list. group can be
a group name or one of the following:
On UNIX and Linux, a numeric group ID.
On Windows, the numeric group ID displayed by ccase-home-dir\etc\utils\creds –g groupname. You must enclose group names that contain spaces in double quotes.Note: Existing elements owned by group are not changed. Use cleartool protect –chgrp to change the group owner of such elements to a group that is in the VOB's secondary group list.
Enabling atomic checkin operations
- Default
- None.
- –ato/mic_checkin
- Enables atomic checkin operations. See the checkin reference page for information about atomic checkin operations.
- –nato/mic_checkin
- Disables atomic checkin operations.
Enabling synchronous requests for mastership
- Default
- None.
- –srfm
- Enables synchronous requests for mastership of unmastered branches.
- –nsrfm
- Disables synchronous requests for mastership of unmastered branches.
Enabling ACLs
- Default
- DefaultPolicy and DefaultRolemap
- –enable_acls
- Enables ACL authorization for the specified VOB.
Setting the minimum client feature level
- Default
- None.
- –min_client_flevel client-flevel
- Sets the minimum client feature level that is necessary to access the specified VOB. This option may be used only for a VOB that has been raised to feature level 7 or greater. (Client feature level 7 is used by V8 and client feature level 8 is used by V8.0.1.)
Managing evil twins
- Default
- None.
- –evil_twin
- Prevents the creation of evil twins.
- –evil_twin_warn
- Issues a warning when an evil twin is created
- –nevil_twin
- Disables evil twin prevention or warnings of evil twin creation.
- –evil_twin_case_sens
- If evil twin prevention or warnings are enabled, specifies case-sensitive search for evil twins; for example, makefile and Makefile would not be considered evil twins.
- –nevil_twin_case_sens
- If evil twin prevention or warnings are enabled, specifies non-case-sensitive search for evil twins; for example, makefile and Makefile would be considered evil twins.
Specifying the VOB
- Default
- None.
- vob-storage-pname
- Local pathname of a VOB storage directory.
- pname-in-vob
- The pathname of the VOB tag (whether or not the VOB is mounted) or of any file system object within the VOB (if the VOB is mounted). It cannot be the pathname of the VOB storage directory.
Controlling privileged access by remote users
- Default
- None
- -nrem/ote_admin
- Disables privileged access by remote users. When a VOB is protected with this option, all privileged operations require the user to be logged on to the VOB server host with a privileged identity. Any request from a privileged user logged on to a remote host is treated as though it had been made by an ordinary user (it fails if a privileged identity is required).
- -rem/ote_admin
- Re-enables privileged access by remote users to a VOB protected or created with the -nremote_admin option.
These options are effective only when you are logged on to the VOB server host as a privileged user.
Examples
The UNIX system and Linux examples in this section are written for use in csh. If you use another shell, you might need to use different quoting and escaping conventions.
The Windows examples that include wildcards or quoting are written for use in cleartool interactive mode. If you use cleartool single-command mode, you might need to change the wildcards and quoting to make your command interpreter process the command appropriately.
In cleartool single-command mode, cmd-context represents the UNIX system and Linux shells or Windows command interpreter prompt, followed by the cleartool command. In cleartool interactive mode, cmd-context represents the interactive cleartool prompt.
- On a UNIX or Linux system, make user jackson the owner
of the VOB whose storage area is /usr/lib/vob.vbs.
cmd-context protectvob -chown jackson /usr/lib/vob.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. If you have remote pools, you will have to run this command remotely. Pool "sdft" needs to be protected correctly. Pool "ddft" needs to be protected correctly. Pool "cdft" needs to be protected correctly. Protect versioned object base "/usr/lib/vob.vbs"? [no]yes Do you wish to protect the pools that appear not to need protection? [no]no Protecting "/usr/lib/vob.vbs/s/sdft/0"... Protecting "/usr/lib/vob.vbs/s/sdft/1"... Protecting "/usr/lib/vob.vbs/s/sdft"... ... Protecting "/usr/lib/vob.vbs/d/ddft"... Protecting "/usr/lib/vob.vbs/d/ddft/0"... ... Protecting "/usr/lib/vob.vbs/c/cdft"... Protecting "/usr/lib/vob.vbs/c/cdft/2d"... Protecting "/usr/lib/vob.vbs/c/cdft/35"... ... VOB ownership: owner jackson group user Additional groups: group doc Change the owner and group of a remote VOB storage pool. % rlogin ccsvr01 Password: <enter password>% /opt/devops/clearcase/etc/chown_pool jackson.user /vobaux/vega_src/s001 - On a Windows system, make user smg the owner of the
VOB whose storage area is C:\vobs\docs.vbs.
cmd-context protectvob –chown smg c:\vobs\docs.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. Pool “sdft" appears to be protected correctly. Pool “ddft" appears to be protected correctly. Pool “cdft" appears to be protected correctly. Protect versioned object base “c:\vobs\docs.vbs"? [no]yes Do you wish to protect the pools that appear not to need protection? [no]no VOB ownership: owner smg group user Additional groups: group Backup Operators - On a UNIX or Linux system, add one group to a VOB's group
list, and remove another group.
cmd-context protectvob -add_group devel -delete_group doc /usr/lib/vob.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. If you have remote pools, you will have to run this command remotely. Pool "sdft" appears to be protected correctly. Pool "ddft" appears to be protected correctly. Pool "cdft" appears to be protected correctly. Protect versioned object base "/usr/lib/vob.vbs"? [no]yes Do you wish to protect the pools that appear not to need protection? [no]no VOB ownership: owner jackson group user Additional groups: group devel - On a Windows system, add the group Doc
Group to a VOB's group list.
cmd-context protectvob –add_group "Doc Group" c:\vobs\docs.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. Pool "sdft" appears to be protected correctly. Pool "ddft" appears to be protected correctly. Pool "cdft" appears to be protected correctly. Protect versioned object base “c:\vobs\docs.vbs"? [no] yes Do you wish to protect the pools that appear not to need protection? [no] no VOB ownership: owner smg group user Additional groups: group Backup Operators group Doc Group