Scenario
We have recently identified a security issue in Agent for Linux installations that may allow unprivileged users to access Agent logs and backup data.
The files and directories listed below have excessive read permissions, which allow users who are not functioning as backup operators to read them. We recommend denying read access to these files for all users other than members of the 'acronis' group:
/var/lib/Acronis/BackupAndRecovery/OnlineBackup/Default/username.crt
/var/lib/Acronis/BackupAndRecovery/MMS/user.config
/var/lib/Acronis/BackupAndRecovery/MMS/AccessVault/raw/*
Solution
To fix the issue, change the permissions to 750 for directories and 640 for files.
As the root user, run:
chmod 640 /var/lib/Acronis/BackupAndRecovery/OnlineBackup/Default/username.crt
chmod 640 /var/lib/Acronis/BackupAndRecovery/MMS/user.config
chmod 640 /var/lib/Acronis/BackupAndRecovery/MMS/AccessVault/raw/*
chmod 750 /var/lib/Acronis/BackupAndRecovery/OnlineBackup/Default
chmod 750 /var/lib/Acronis/BackupAndRecovery/MMS
chmod 750 /var/lib/Acronis/BackupAndRecovery/MMS/AccessVault/raw
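To confirm the change took effect, the following check (an added example, not part of the original advisory or of Acronis tooling) reports any of the paths above that still carry permission bits beyond 750 for directories or 640 for files. The function names and the ACRONIS_ROOT override are assumptions introduced for this example, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example: audit the advisory's paths for modes looser than 640/750.
# ACRONIS_ROOT is a hypothetical override (useful for testing on a copy);
# the default is the directory named in the advisory.
ACRONIS_ROOT="${ACRONIS_ROOT:-/var/lib/Acronis/BackupAndRecovery}"

# check_mode PATH MAX: report PATH if it has any permission bit (including
# setuid/setgid/sticky) that the octal mode MAX does not allow.
check_mode() {
    path=$1; max=$2
    mode=$(stat -c '%a' "$path") || return 2
    extra=$(( 0$mode & ~0$max & 07777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'LOOSE %s mode=%s (max %s) owner=%s\n' \
            "$path" "$mode" "$max" "$(stat -c '%U:%G' "$path")"
        return 1
    fi
    return 0
}

# audit_acronis_perms [ROOT]: returns 0 if every existing path is within
# limits, 1 if at least one is looser. Paths that do not exist are skipped.
audit_acronis_perms() {
    root=${1:-$ACRONIS_ROOT}
    rc=0
    for d in "$root/OnlineBackup/Default" "$root/MMS" \
             "$root/MMS/AccessVault/raw"; do
        [ -d "$d" ] || continue
        check_mode "$d" 750 || rc=1
    done
    for f in "$root/OnlineBackup/Default/username.crt" \
             "$root/MMS/user.config" "$root/MMS/AccessVault/raw"/*; do
        [ -f "$f" ] || continue
        check_mode "$f" 640 || rc=1
    done
    return $rc
}
```

Source the file and call audit_acronis_perms as root after running the chmod commands. Each LOOSE line also shows owner:group, so you can confirm the group is 'acronis'.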
More information
Acronis Cyber Protect Cloud: product design has been updated in version 9.0: 750/640 permissions will be set by default for these directories/files.