protectvob
Applicability
Product |
Command type |
---|---|
ClearCase® |
cleartool subcommand |
Platform |
---|
UNIX |
Linux |
Windows |
Synopsis
- Change various properties of a VOB:
- protectvob [ –f/orce ] [ –cho/wn login-name ] [ –chg/rp group-name ]
- [ –add/_group group-name[,...]
[ –del/ete_group group-name[,...]
]
[ –ato/mic_checkin | –nato/mic_checkin ]
[ –srfm | –nsrfm ]
[ –evil_twin | –evil_twin_warn | –nevil_twin ]
[ –evil_twin_case_sens | –nevil_twin_case_sens ]
{ vob-storage-dir-pname | pname-in-vob } ...
- Disable or enable certain types of VOB access:
- protectvob [ –rem/ote_admin | –nrem/ote_admin ]
[ –enable_acls ]
[ –min_client_flevel client-flevel ]
{ vob-storage-pname | pname-in-vob } ...
Options and arguments
Confirmation step
Changing VOB ownership
- Default
- None. You can use –chown by itself or in combination with
–chgrp. Note: On Windows, a member of the Backup Operators or Administrators group can change ownership of any VOB with protectvob –chown. If you are the VOB owner, you can change ownership of that VOB by running protectvob –chown user as yourself, and then logging in as user and running protectvob –force vob-storage-pname with no other options.
- –cho/wn user
- Specifies a new VOB owner, who becomes the owner of all the VOB's storage pools and all of the
data containers in them. user can be a login name or one of the following:
On UNIX and Linux, a numeric user ID. protectvob rebuilds the .identity subdirectory of the VOB storage directory, reflecting the new VOB owner's user ID, group ID, and additional groups (if any).
On Windows, the numeric user ID displayed by ccase-home-dir\etc\utils\creds username (this is not the same as the Windows Security Identifier). protectvob rebuilds the Security Descriptor on the VOB root directory (on NTFS only) and the identity.sd and group.sd files in the VOB storage directory, reflecting the new VOB owner's user ID, group ID, and additional groups (if any).
- –ch/grp group
- Specifies a new principal group for the VOB. group can be a group name or one
of the following:
On UNIX and Linux, a numeric group ID.
On Windows, the numeric group ID displayed by ccase-home-dir\etc\utils\creds –g groupname.
Maintaining the secondary group list
- Default
- None. You can use –add_group and –delete_group singly, or together.
- –add/_group group[,...]
- Adds one or more groups to the VOB's secondary group list. group can be a
group name or one of the following:
On UNIX and Linux, a numeric group ID.
On Windows, a numeric group ID displayed by ccase-home-dir\etc\utils\creds –g groupname (Windows).
You must enclose group names that contain spaces in double quotes.
- –del/ete_group group[,...]
- Deletes one or more groups from the VOB's secondary group list. group can be
a group name or one of the following:
On UNIX and Linux, a numeric group ID.
On Windows, the numeric group ID displayed by ccase-home-dir\etc\utils\creds –g groupname. You must enclose group names that contain spaces in double quotes.Note: Existing elements owned by group are not changed. Use cleartool protect –chgrp to change the group owner of such elements to a group that is in the VOB's secondary group list.
Enabling atomic checkin operations
- Default
- None.
- –ato/mic_checkin
- Enables atomic checkin operations. See the checkin reference page for information about atomic checkin operations.
- –nato/mic_checkin
- Disables atomic checkin operations.
Enabling synchronous requests for mastership
- Default
- None.
- –srfm
- Enables synchronous requests for mastership of unmastered branches.
- –nsrfm
- Disables synchronous requests for mastership of unmastered branches.
Enabling ACLs
- Default
- DefaultPolicy and DefaultRolemap
- –enable_acls
- Enables ACL authorization for the specified VOB.
- MultiSite: The replica must master the VOB object. When this option is specified for a nonpreserving or a permissions-only preserving replica, only that replica becomes ACL-enabled. When this option is specified for an identity- and permissions-preserving replica, the other replicas become ACL-enabled after synchronization.
Setting the minimum client feature level
- Default
- None.
- –min_client_flevel client-flevel
- Sets the minimum client feature level that is necessary to access the specified VOB. This option may be used only for a VOB that has been raised to feature level 7 or greater. (Client feature level 7 is used by V8 and client feature level 8 is used by V8.0.1.)
Managing evil twins
- Default
- None.
- –evil_twin
- Prevents the creation of evil twins.
- –evil_twin_warn
- Issues a warning when an evil twin is created
- –nevil_twin
- Disables evil twin prevention or warnings of evil twin creation.
- –evil_twin_case_sens
- If evil twin prevention or warnings are enabled, specifies case-sensitive search for evil twins; for example, makefile and Makefile would not be considered evil twins.
- –nevil_twin_case_sens
- If evil twin prevention or warnings are enabled, specifies non-case-sensitive search for evil twins; for example, makefile and Makefile would be considered evil twins.
Specifying the VOB
Controlling privileged access by remote users
- Default
- None
- -nrem/ote_admin
- Disables privileged access by remote users. When a VOB is protected with this option, all privileged operations require the user to be logged on to the VOB server host with a privileged identity. Any request from a privileged user logged on to a remote host is treated as though it had been made by an ordinary user (it fails if a privileged identity is required).
- -rem/ote_admin
- Re-enables privileged access by remote users to a VOB protected or created with the -nremote_admin option.
These options are effective only when you are logged on to the VOB server host as a privileged user.
Examples
The UNIX system and Linux examples in this section are written for use in csh. If you use another shell, you might need to use different quoting and escaping conventions.
The Windows examples that include wildcards or quoting are written for use in cleartool interactive mode. If you use cleartool single-command mode, you might need to change the wildcards and quoting to make your command interpreter process the command appropriately.
In cleartool single-command mode, cmd-context represents the UNIX system and Linux shells or Windows command interpreter prompt, followed by the cleartool command. In cleartool interactive mode, cmd-context represents the interactive cleartool prompt.
- On a UNIX or Linux system, make user jackson the owner
of the VOB whose storage area is /usr/lib/vob.vbs.
cmd-context protectvob -chown jackson /usr/lib/vob.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. If you have remote pools, you will have to run this command remotely. Pool "sdft" needs to be protected correctly. Pool "ddft" needs to be protected correctly. Pool "cdft" needs to be protected correctly. Protect versioned object base "/usr/lib/vob.vbs"? [no]yes Do you wish to protect the pools that appear not to need protection? [no]no Protecting "/usr/lib/vob.vbs/s/sdft/0"... Protecting "/usr/lib/vob.vbs/s/sdft/1"... Protecting "/usr/lib/vob.vbs/s/sdft"... ... Protecting "/usr/lib/vob.vbs/d/ddft"... Protecting "/usr/lib/vob.vbs/d/ddft/0"... ... Protecting "/usr/lib/vob.vbs/c/cdft"... Protecting "/usr/lib/vob.vbs/c/cdft/2d"... Protecting "/usr/lib/vob.vbs/c/cdft/35"... ... VOB ownership: owner jackson group user Additional groups: group doc Change the owner and group of a remote VOB storage pool. % rlogin ccsvr01 Password: <enter password>% /opt/devops/clearcase/etc/chown_pool jackson.user /vobaux/vega_src/s001
- On a Windows system, make user smg the owner of the
VOB whose storage area is C:\vobs\docs.vbs.
cmd-context protectvob –chown smg c:\vobs\docs.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. Pool “sdft" appears to be protected correctly. Pool “ddft" appears to be protected correctly. Pool “cdft" appears to be protected correctly. Protect versioned object base “c:\vobs\docs.vbs"? [no]yes Do you wish to protect the pools that appear not to need protection? [no]no VOB ownership: owner smg group user Additional groups: group Backup Operators
- On a UNIX or Linux system, add one group to a VOB's group
list, and remove another group.
cmd-context protectvob -add_group devel -delete_group doc /usr/lib/vob.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. If you have remote pools, you will have to run this command remotely. Pool "sdft" appears to be protected correctly. Pool "ddft" appears to be protected correctly. Pool "cdft" appears to be protected correctly. Protect versioned object base "/usr/lib/vob.vbs"? [no]yes Do you wish to protect the pools that appear not to need protection? [no]no VOB ownership: owner jackson group user Additional groups: group devel
- On a Windows system, add the group Doc
Group to a VOB's group list.
cmd-context protectvob –add_group "Doc Group" c:\vobs\docs.vbs This command affects the protection on your versioned object base. While this command is running, access to the VOB will be limited. Pool "sdft" appears to be protected correctly. Pool "ddft" appears to be protected correctly. Pool "cdft" appears to be protected correctly. Protect versioned object base “c:\vobs\docs.vbs"? [no] yes Do you wish to protect the pools that appear not to need protection? [no] no VOB ownership: owner smg group user Additional groups: group Backup Operators group Doc Group