IBM Support

IT27337: INCORRECT PERMISSIONS ON CIT FILES

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The IBM Spectrum Protect Client creates directories/files in the
    CIT directory that are read/writable by everyone.
    
    Products affected:
    IBM Spectrum Protect Backup-Archive Client version 7.1 and 8.1
    on all platforms.
    IBM Spectrum Protect for Virtual Environments: Data Protection
    for VMware version 7.1 and 8.1 on Microsoft Windows x64 and
    Linux x86_64 platforms.
    IBM Spectrum Protect for Virtual Environments: Data Protection
    for Microsoft Hyper-V version 7.1 and 8.1 on Microsoft Windows
    x64 platform.
    
    If you are using Backup-Archive Client 7.1 and 8.1, refer to
    APAR IT27337
    Note 1: The Backup-Archive Client is a prerequisite to using the
    Data Protection for VMware version 7.1.
    In Data Protection for VMware environments, the Backup-Archive
    Client is also known as the data mover.
    Note 2: The Backup-Archive Client is a prerequisite to using the
    Data Protection for Microsoft Hyper-V versions 7.1 till 8.1.2.
    In Data Protection for  Microsoft Hyper-V environments, the
    Backup-Archive Client is also known as the data mover.
    
    If you are using Data Protection for VMware 8.1, refer to APAR
    IT27400
    
    If you are using Data Protection for Microsoft Hyper-V
    8.1.4-8.1.6, refer to APAR IT27401
    

Local fix

  • The user can modify the permissions on the cit/bin/etc folder to
    be more restrictive.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Protect  backup-archive client version 7.1 and  *
    * 8.1 on all platforms                                         *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * see ERROR DESCRIPTION                                        *
    * For more information, refer to the security bulletin         *
    * published at this location:                                  *
    * https://www.ibm.com/support/pages/node/1107261               *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is projected *
    * to be fixed in levels 7.1.8.6 and 8.1.9.  Note that this is  *
    * subject to change at the discretion of IBM.                  *
    ****************************************************************
    

Problem conclusion

  •  CIT will operate in single user mode and create the CIT files
    with the proper permissions.
    

Temporary fix

  • The user can modify the permissions on the cit/bin/etc folder to
    be more restrictive.
    

Comments

APAR Information

  • APAR number

    IT27337

  • Reported component name

    TSM CLIENT

  • Reported component ID

    5698ISMCL

  • Reported release

    71W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-12-13

  • Closed date

    2019-07-17

  • Last modified date

    2019-11-22

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IT27400 IT27401

Modules/Macros

  • dsmc
    

Fix information

  • Fixed component name

    TSM CLIENT

  • Fixed component ID

    5698ISMCL

Applicable component levels

[{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71W"}]

Document Information

Modified date:
14 February 2021