Unable to initialize group list for user error from ClearCase Web applications

why logging into an IBM® Rational® ClearCase® console through the ClearCase Web, ClearCase Remote Client or the MultiSite® Administration Web console, yields the error: unable to initialize group list for user , along with the steps to resolve the problem.

Cause

This error can be returned when the permissions on the ccweb executable are not set correctly. Check the permissions on the ccweb executable by running: $ ls -l /usr/atria/web/bin/ccweb  (2002.05.00) or $ ls -l /opt/rational/clearcase/web/bin/ccweb (2003.06.00) The output should be similar to: -r-sr-xr-x   1 root     other     376316 Sep 22  Note: This executable should be owned by root, it does not matter what the group is. One of the symptoms will be an error message in the logs (such as /var/adm/messages) on the system such as: ccweb: Setuid execution not allowed In the RWP error_log file, you will also see the following entry: setgroups: Not owner

Solution

The permissions for the ccweb executable should be r-sr-xr-x. Note that the set-uid bit is enabled. This ensures that this application is run as 'root' even when other users execute it. If the set-uid bit is not enabled, enable it by running the following command as root: $ chmod u+s ccweb (or $ chmod u+s /opt/rational/clearcase/web/bin/ccweb) If this does not seem to solve the problem, and the filesystem where the ccweb application resides is mounted using NFS, check the mountpoint settings, specifically for the presence of the 'nosuid' mount option, documented in the man pages of mount_nfs: suid | nosuid    Allow or disallow setuid execution. The default    is suid. You can see this by looking at your operating system mount tables (such as /etc/vfstab or /etc/mnttab) for signs of the 'nosuid' option. Example: . . . /opt on /dev/vg00/lvol5 delaylog,dev=40000005 on Fri Apr 7 15:04:38 2006 /opt/web/server on /dev/vg01/lvol11 nosuid,delaylog,dev=4001000b on Fri Apr 7 15:04:38 2006 /opt/web/content on /dev/vg01/lvol12 nosuid,delaylog,dev=4001000c on Fri Apr 7 15:04:39 2006 /opt/scopus on /dev/vg01/lvol14 nosuid,delaylog,dev=4001000e on Fri Apr 7 15:04:39 2006 /opt/oracle on /dev/vg01/lvol2 nosuid,delaylog,dev=40010002 on Fri Apr 7 15:04:39 2006 /opt/CCASE_2003A on /dev/vg01/lvol20 nosuid,delaylog,dev=40010014 on Fri Apr 7 15:04:39 2006 . . . If this setting needs to be changed, it will be necessary to redo the mount of the affected filesystem. Consult your system administrator or operating system manuals for assistance.