This section describes typical scenarios that can lead to inappropriate storage protections and suggests how to avoid these situations.
If you use xcopy or Windows Explorer to copy or restore the storage directory, Windows does not retain the Security Descriptor and its protection is incorrect. We recommend that you use one or more of the following procedures to copy the storage directory:
Use scopy (Windows NT Resource Kit command)
scopy source destination /o /s
You must log on as a member of the Administrators or Backup Operators group. If you are copying across the network, your domain account must belong to one of these groups on both host machines.
Use an offline backup tool
Use commercially available offline backup/restore tools for Windows, such as tape backup, which retain the Security Descriptors. You must log on as a member of the Administrators or Backup Operators group.
Use ccopy (ccase-home-dir\etc\utils\ccopy)
ccopy source destination
NOTE: ccopy does not always preserve ownership when copying files. If this is a concern, use scopy.
For information about fixing protection problems caused by copying the directory, see Fixing Protection Problems.
If you create the storage directory in FAT and later convert that partition to NTFS, its protection will be incorrect. ClearCase reports a different VOB owner after the conversion. VOB and view servers do not start because the identity.sd file does not agree with the storage directory root's Security Descriptor. There is no way to avoid this behavior.
For information about fixing protection problems caused by converting from FAT to NTFS, see Fixing Protection Problems.
If you edit a file permission, for example, by using Windows Explorer or cacls, ClearCase users will begin experiencing access and protection problems.
WARNING: Never click OK in the File Permissions dialog box if the changes will affect VOB and/or view storage. Doing so changes DACL (the order of access control entries) even if you have not changed anything. To detect protection problems, run this command:
cleartool checkvob -protections -pool vob-stg-pname
For information about fixing protection problems caused by editing permissions, see Fixing Protection Problems. For more information about the options to the checkvob command, see the checkvob reference page.
Feedback on the documentation in this site? We welcome any comments!
Copyright © 2001 by Rational Software Corporation. All rights reserved. |