问题
Clearcase Server Version - 8.0.1.19
OS – Centos - 7.6.1810 (Core)
Problem: Created new VOB, Mounted the VOB then created dynamic view on server successfully. From VOB root directory ls command shows below error.
ls: reading directory .: Permission denied
total 0
I have executed below protect commands.
cleartool protectvob -f -chown ccadmin -chgrp testvob-grp /vobstg/testvob.vbs
cleartool protect -chown ccadmin -chgrp testvob-grp -chmod 775 -r .
[root@VOB-Server /]# cleartool desc -l vob:/vobstg/testvob
versioned object base "/vobstg/testvob"
created 2019-11-21T09:01:57+05:30 by ccadmin.testvob-grp@VOB-Server
"This is test VOB."
protected by rolemap: "DefaultRolemap"
effective access for user "root": rmelem,Read
VOB family feature level: 8
VOB storage host:pathname "VOB-Server:/vobstg/testvob.vbs"
VOB storage global pathname "/net/VOB-Server/vobstg/testvob.vbs"
database schema version: 80
modification by remote privileged user: allowed
atomic checkin: disabled
srfm: disabled
evil twin detection: disabled
VOB ownership:
owner ccadmin
group testvob-grp
minimum client feature level: 8
ACLs feature level: 8
Attributes:
FeatureLevel = 8
View owner has rwx (all) permission. So in newer version of Clearcase do I need to enable configuration for even root id and VOB-owner ID?
I am using default config spec
element * CHECKEDOUT
element * /main/LATEST
Dynamic view created with root account. While describing the VOB tag it shows below error.
[root@VOB-Server]# cleartool desc -l /vobstg/testvob
cleartool: Error: No permission to resolve: "/vobstg/testvob".
cleartool: Error: Unable to access "/vobstg/testvob" because either it is unreadable or its containing VOB is not accessible to the current user.
Whereas with VOB Owner’s account/ID (ccadmin), I can able to describe the VOB.
回答1:
First, it depends on your config spec (I will assume element * /main/LATEST)
Second, your question mentions root@VOB-Server: make sure to do the ls test as the view owner: ccadmin.testvob-grp
Still as the view owner, do a id -a to check if the primary group (or one of the secondary groups) is part of the VOB group (VOB, not view, which is correctly protected)
See "Access control for VOBs" and "About Additional Groups in the VOB's group list"
You can use the
cleartool describecommand to display the owner, group, and supplemental group list for a VOB.
cleartool descr -l vob:/vobs/vobtag
Whereas with VOB Owner’s account/ID (ccadmin), I can able to describe the VOB.
That is expected: only user with the primary Vob group as part of their group would be able to access the Vob. root has not testvob-grp in its groups (id -a)
来源:https://stackoverflow.com/questions/58967226/clearcase-unable-to-access-vob-ls-reading-directory-permission-denied