IT27337: INCORRECT PERMISSIONS ON CIT FILES

APAR status

• Closed as program error.

Error description

• The IBM Spectrum Protect Client creates directories/files in the
  CIT directory that are read/writable by everyone.
  
  Products affected:
  IBM Spectrum Protect Backup-Archive Client version 7.1 and 8.1
  on all platforms.
  IBM Spectrum Protect for Virtual Environments: Data Protection
  for VMware version 7.1 and 8.1 on Microsoft Windows x64 and
  Linux x86_64 platforms.
  IBM Spectrum Protect for Virtual Environments: Data Protection
  for Microsoft Hyper-V version 7.1 and 8.1 on Microsoft Windows
  x64 platform.
  
  If you are using Backup-Archive Client 7.1 and 8.1, refer to
  APAR IT27337
  Note 1: The Backup-Archive Client is a prerequisite to using the
  Data Protection for VMware version 7.1.
  In Data Protection for VMware environments, the Backup-Archive
  Client is also known as the data mover.
  Note 2: The Backup-Archive Client is a prerequisite to using the
  Data Protection for Microsoft Hyper-V versions 7.1 till 8.1.2.
  In Data Protection for  Microsoft Hyper-V environments, the
  Backup-Archive Client is also known as the data mover.
  
  If you are using Data Protection for VMware 8.1, refer to APAR
  IT27400
  
  If you are using Data Protection for Microsoft Hyper-V
  8.1.4-8.1.6, refer to APAR IT27401
  

Local fix

• The user can modify the permissions on the cit/bin/etc folder to
  be more restrictive.
  

Problem summary

• ****************************************************************
  * USERS AFFECTED:                                              *
  * IBM Spectrum Protect  backup-archive client version 7.1 and  *
  * 8.1 on all platforms                                         *
  ****************************************************************
  * PROBLEM DESCRIPTION:                                         *
  * see ERROR DESCRIPTION                                        *
  * For more information, refer to the security bulletin         *
  * published at this location:                                  *
  * https://www.ibm.com/support/pages/node/1107261               *
  ****************************************************************
  * RECOMMENDATION:                                              *
  * Apply fixing level when available. This problem is projected *
  * to be fixed in levels 7.1.8.6 and 8.1.9.  Note that this is  *
  * subject to change at the discretion of IBM.                  *
  ****************************************************************
  

Problem conclusion

•  CIT will operate in single user mode and create the CIT files
  with the proper permissions.
  

Temporary fix

• The user can modify the permissions on the cit/bin/etc folder to
  be more restrictive.
  

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  IT27400 IT27401

Modules/Macros

• dsmc
  

Fix information

• Fixed component name

  TSM CLIENT

• Fixed component ID

  5698ISMCL

Applicable component levels