APAR status
Closed as program error.
Error description
The IBM Spectrum Protect Client creates directories/files in the CIT directory that are read/writable by everyone. Products affected: IBM Spectrum Protect Backup-Archive Client version 7.1 and 8.1 on all platforms. IBM Spectrum Protect for Virtual Environments: Data Protection for VMware version 7.1 and 8.1 on Microsoft Windows x64 and Linux x86_64 platforms. IBM Spectrum Protect for Virtual Environments: Data Protection for Microsoft Hyper-V version 7.1 and 8.1 on Microsoft Windows x64 platform. If you are using Backup-Archive Client 7.1 and 8.1, refer to APAR IT27337 Note 1: The Backup-Archive Client is a prerequisite to using the Data Protection for VMware version 7.1. In Data Protection for VMware environments, the Backup-Archive Client is also known as the data mover. Note 2: The Backup-Archive Client is a prerequisite to using the Data Protection for Microsoft Hyper-V versions 7.1 till 8.1.2. In Data Protection for Microsoft Hyper-V environments, the Backup-Archive Client is also known as the data mover. If you are using Data Protection for VMware 8.1, refer to APAR IT27400 If you are using Data Protection for Microsoft Hyper-V 8.1.4-8.1.6, refer to APAR IT27401
Local fix
The user can modify the permissions on the cit/bin/etc folder to be more restrictive.
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect backup-archive client version 7.1 and * * 8.1 on all platforms * **************************************************************** * PROBLEM DESCRIPTION: * * see ERROR DESCRIPTION * * For more information, refer to the security bulletin * * published at this location: * * https://www.ibm.com/support/pages/node/1107261 * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is projected * * to be fixed in levels 7.1.8.6 and 8.1.9. Note that this is * * subject to change at the discretion of IBM. * ****************************************************************
Problem conclusion
CIT will operate in single user mode and create the CIT files with the proper permissions.
Temporary fix
The user can modify the permissions on the cit/bin/etc folder to be more restrictive.
Comments
APAR Information
APAR number
IT27337
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
71W
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-12-13
Closed date
2019-07-17
Last modified date
2019-11-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
dsmc
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
[{"Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"71W"}]
Document Information
Modified date:
14 February 2021