NFS version 4 requirement
Because ClearCase® with ACLs uses file system ACLs on the container files in a VOB storage pool (source containers and cleartext containers), your network filer must support NFS version 4 with ACLs. ClearCase needs the AUTH_SYS user identity option. It is not supported by other AUTH_* identity systems.
Before you start creating ACL-enabled ClearCase VOBs, ensure that your NFS configuration is working.
- Enable NFSv4 and NFSv4 ACLs in the NFS configuration for the network filer.
- Configure the same NFS identity mapping domain on the VOB server host and the filer
- Configure NFSv4 to use AUTH_SYS ("UNIX™ Style" security on the volume export)
- Grant the ClearCase VOB server host root access to the volume that stores the VOBs (on the volume export).
- If there are Windows™ clients, set up a CIFS share for the volume.
- Mount the filer's volume on the VOB server host by using NFSv4.
- To confirm the correct identity mapping between the VOB and host filers, use the ls command to verify that files created by root are listed as owned by root and that files created by the VOB owner account are owned by the VOB owner.
- Optional. On Linux™, install the nfs4-acl-tools package so that you can examine element container ACLs.
Notes:
- If you use NFSv4 filer storage for a VOB, performance can be slow for the following ClearCase operations: checkout, checkin, clearfsimport, and other operations that create new containers in VOB storage directories. You can improve the performance of these operations by disabling write delegations in the filer configuration. However, performance improvement is platform-dependent. On some platforms, this change might result in substantial improvement. On other platforms, the improvement is negligible.
- All user and group principals included in role maps or policies must be known by name to the VOB server and to the NFSv4 network filer. You cannot use accounts that are not known to the filer. See Fix identity mapping problems.