SYNOPSIS
DESCRIPTION
vob_sidwalk and vob_siddump are administrative utilities that can be used to read or change security identifiers (Windows SIDs or UNIX UIDs and GIDs) stored in VOB databases that are formatted with schema version 54. vob_sidwalk is installed only on hosts that are configured to support local VOBs and views and to support VOB schema version 54. vob_siddump is installed on all hosts.
The programs are typically needed for these tasks:
- Moving a VOB from one Windows domain to another Windows domain
- Migrating a Windows NT domain to an Active Directory domain
- Moving a VOB from a Windows host to a UNIX host or vice versa
vob_siddump is a read-only version of vob_sidwalk. It can be executed on the VOB server or any client to list the security principal (user and group) names and SIDs stored in a VOB.
vob_sidwalk has all of the capabilities of vob_siddump and can also change SIDs in the VOB database. In addition, vob_sidwalk can be executed with the -recover_filesystem option to reset the protections on a VOB storage directory so that they are consistent with the SID of the VOB's owner and group.
RESTRICTIONS
vob_siddump has no restrictions. vob_sidwalk has the following restrictions:
Identities
You must have one of the following identities:
Locks
An error occurs if the VOB is locked.
Other
You must enter this command on the VOB server host.
OPTIONS AND ARGUMENTS
Read or Map SIDs
- Default
- None. These options are allowed with both vob_sidwalk and vob_siddump.
- –s·idhistory
- Generate a SID file of historical SID information stored in the VOB database. Write the current name and SID for each account to the new-name and new-SID fields of SIDfile-path and write the historical name and SID to the old-name and old-SID fields. If either command is invoked without this option, it writes the current name and SID for each account to the old-name and old-SID fields of SIDfile-path, and the new-name field is always IGNORE.
- –u·nknown
- Map SIDs that cannot be resolved to an account in the domain. Any user SID that cannot be resolved is mapped to the SID of the VOB owner. Any group SID that cannot be resolved is mapped to the SID of the VOB's primary group. The mappings are written to the SID file.
- –p·rofile profile-path
- Write a list of all SIDs found in the VOB along with the database identifiers that describe objects owned by each SID. The list is written to the file in profile-path. Each line of the file has the format
metatype,dbid,user-name,user-SID,group-name,group-SID,mode,container...
where each field has the form:
This option can generate a large file in profile-path and consume significant resources on the VOB server host. This option cannot be used with any other option.
- –m·ap mapfile-path
- Force remapping of all SIDs in a VOB database as specified in the mapping file at mapfile-path. Details about the SID remappings for the VOB at vob-tag are written to SIDfile-path. The mapping file contains one or more lines in the format
old-name,type,old-SID,new-name,type,new-SID
where each field has the form
  - old-name: domain-name\account-name
  - new-name: One of domain-name\account-name, IGNORE, DELETE
  - type: One of USER, GROUP, GLOBALGROUP, LOCALGROUPONDC, LOCALGROUP
  - old-SID, new-SID: String representation of SID
You can use a SID file from a previous run of vob_sidwalk or vob_siddump as the basis of the mapping file. If you need to change the existing mapping (to reassign ownership of objects), edit the file to make any of the following changes:
- –raw·_sid
- Write SIDs in raw (unformatted) style. Use this option when generating a SID file on Windows in preparation for moving a VOB from Windows to UNIX.
Update SIDs
- Default
- Only read or map SIDs. Do not change anything in the VOB database unless the -execute option is present. These options are not allowed with vob_siddump.
- –e·xecute
- Modify SIDs stored in the VOB database. Unless the -execute option is used, vob_sidwalk logs, in the SID file, the changes that would have been made but does not actually change anything in a VOB database.
- –delete·_groups
- Remove any historical SIDs found in the group list of an identity-preserving replica. Historical SIDs are always removed from the group list of a non-replicated VOB or a non-identity-preserving replica. The Administrator's Guide provides details about how to use this option.
Logging
- Default
- No logging.
- –l·og logfile-path
- Write a log of SID reassignments. Each line of the file at logfile-path has the format
metatype,dbid,container,old-SID,reserved,new-SID
where each field has the form:
Fixing Storage Directory Protections
SID File
- Default
- None.
- SIDfile-path
- A pathname at which the command should write the SID file. An error is returned if SIDfile-path exists or is not specified. Each line of the SID file has the format:
old-name,type,old-SID,new-name,type,new-SID,count
where each field has the form:
You can use the SID file as the mapping file when running either command with the -map option.
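Because a SID file from a run without -execute can be edited and fed back through -map, it is worth checking the file before any run that adds -execute. The following is an added example, not part of the product documentation: a reviewer script that parses the six-field mapping format and the seven-field SID file format described above. It assumes fields contain no commas and treats SID strings as opaque; the duplicate old-SID and user/group kind checks are this example's own policy, and every name and SID in the sample is a constructed placeholder.

```python
from collections import Counter

TYPES = {"USER", "GROUP", "GLOBALGROUP", "LOCALGROUPONDC", "LOCALGROUP"}  # from this page

def review_mapping(text):
    """Return (actions, problems, fan_in) for mapping-file or SID-file text."""
    actions, problems, fan_in, seen = [], [], Counter(), set()
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        f = [x.strip() for x in raw.split(",")]
        if len(f) not in (6, 7):  # 6 = mapping file, 7 = SID file with count
            problems.append((no, f"expected 6 or 7 fields, got {len(f)}"))
            continue
        old_name, old_type, old_sid, new_name, new_type, new_sid = f[:6]
        if old_type not in TYPES:
            problems.append((no, f"unknown old type {old_type!r}"))
        if old_sid in seen:  # example policy: one row per old-SID
            problems.append((no, f"old-SID {old_sid!r} listed twice"))
        seen.add(old_sid)
        if new_name in ("IGNORE", "DELETE"):
            action = new_name  # trailing fields of these rows are not checked
        elif "\\" in new_name:
            action = "REMAP"
            if new_type not in TYPES or not new_sid:
                problems.append((no, "REMAP row needs a valid type and new-SID"))
            elif (old_type == "USER") != (new_type == "USER"):
                problems.append((no, "user/group kind changes"))  # example policy
            fan_in[new_name] += 1  # how many old principals land on this account
        else:
            problems.append((no, f"bad new-name {new_name!r}"))
            continue
        actions.append((no, old_name, action, new_name))
    return actions, problems, fan_in

# Constructed sample (placeholder names and SID strings, not real tool output).
SAMPLE = "\n".join([
    r"OLDDOM\alice,USER,SID-OLD-1,NEWDOM\alice,USER,SID-NEW-1,12",
    r"OLDDOM\bob,USER,SID-OLD-2,NEWDOM\vobadm,USER,SID-NEW-9,40",
    r"OLDDOM\carol,USER,SID-OLD-3,NEWDOM\vobadm,USER,SID-NEW-9,7",
    r"OLDDOM\devs,GLOBALGROUP,SID-OLD-4,IGNORE,GLOBALGROUP,SID-OLD-4,3",
    r"OLDDOM\dave,USER,SID-OLD-5,NEWDOM\devs,GLOBALGROUP,SID-NEW-4,1",
    r"OLDDOM\eve,USR,SID-OLD-6,DELET,USER,,2",
])

if __name__ == "__main__":
    actions, problems, fan_in = review_mapping(SAMPLE)
    for no, msg in problems:
        print(f"line {no}: {msg}")
    print({name: n for name, n in fan_in.items() if n > 1})
```

A new account that receives several old principals (here the placeholder NEWDOM\vobadm) is the pattern to confirm by hand before the file is used with -map and -execute.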
EXAMPLES
The Administrator's Guide includes detailed procedures for using vob_sidwalk and vob_siddump. We recommend that you read them before using either of these programs.
- Generate a SID file showing the old and new SIDs of security principals after a domain migration, but do not change any SIDs.
- Replace the historical SIDs stored in the VOB database with new ones that resolve to the appropriate security principals in the Active Directory domain.
- Reassign ownership of objects in the VOB by mapping all existing SIDs to the new SIDs of the VOB owner and group.
Note: If you are using UCM, you may not want to reassign ownership with -unknown. Reassigning an open activity to the VOB owner will make it unusable by its creator (unless it was created by the VOB owner).
- Recover the ACLs on the VOB storage directory and container files, and also correct the SIDs for the VOB's supplementary group list.