63947: Acronis Backup: update permissions for Acronis Agent for Linux files to prevent unprivileged users accessing the files

use Google Translate

Scenario

We have recently identified a security issue within Agent for Linux installations that may potentially allow unprivileged users to access Agent logs and backup data.

We have identified that these files and directories have excessive read permissions (allowing users who are not functioning as backup operators read the files) and recommend to deny read permissions to all users other than 'acronis' group members to these files:

/var/lib/Acronis/BackupAndRecovery/OnlineBackup/Default/username.crt
/var/lib/Acronis/BackupAndRecovery/MMS/user.config
/var/lib/Acronis/BackupAndRecovery/MMS/AccessVault/raw/*

Solution

To fix the issue, please change permissions to 750 for directories and 640 for files.

Under root user, issue:

chmod 640 /var/lib/Acronis/BackupAndRecovery/OnlineBackup/Default/username.crt
chmod 640 /var/lib/Acronis/BackupAndRecovery/MMS/user.config
chmod 640 /var/lib/Acronis/BackupAndRecovery/MMS/AccessVault/raw/*

chmod 750 /var/lib/Acronis/BackupAndRecovery/OnlineBackup/Default
chmod 750 /var/lib/Acronis/BackupAndRecovery/MMS
chmod 750 /var/lib/Acronis/BackupAndRecovery/MMS/AccessVault/raw

More information

Product design will be updated in the next version of our products: 750/640 permissions will be set by default for these directories/files.