security concern /etc/CommVaultRegistry/ world writeable

Last post 08-01-2012, 11:12 AM by KrisR. 2 replies.
Sort Posts: Previous Next
  • security concern /etc/CommVaultRegistry/ world writeable
    Posted: 07-25-2012, 5:27 AM

    My company has raised a security concern with the fact that our commvault agents create world writeable files in /etc/CommVaultRegistry/

     

    Is there a reason why these files are world writeable?

    My systems umask is 0022 so created files by default should not be world writeable

    if Commvault requier these files world writeable what is the security risks if any?

     

    Please i need the info for audit's

     

  • Re: security concern /etc/CommVaultRegistry/ world writeable
    Posted: 07-25-2012, 4:08 PM
    • efg is not online. Last active: 08-22-2019, 5:13 PM efg
    • Top 10 Contributor
    • Joined on 02-02-2010
    • CommVault Tinton Falls NJ
    • Expert
    • Points 1,672

    Which version of CommVault are you running?   The latest (version 9) has options during install that allow you to strip ALL the permissions for "other" and set a groupID for access (specifically for database iDAs) where a DB owner (OS user other than root) needs R/W access to the /etc/CommVault registry.

    This way instead of the permissions of /etc/CommVaultRegisty being 755 for directories and 644 for files, they would be  more like 750 or 640 or 660 for DB iDA.

    If you are running V9, there is a utility in the Base directory (typically /opt/simpana/Base) called cvpkgchg that can be run to change/fix the permissions of the simpana install.  It is a menu driven script, so just run ./cvpkgchg from the Base directory and follow the prompts.  One of the options is to change permissions for other.   Then you can strip ALL the permissions which hopefully will satisfy your security folks.  Here is a link to some FAQS in the online documentation...  Just scan the page for cvpkgchg.

    http://documentation.commvault.com/commvault/release_9_0_0/books_online_1/english_us/deployment/install/misc/faqs.htm

    Let us know if this helps.


    Ernst F. Graeler
    Senior Engineer III
    Development
  • Re: security concern /etc/CommVaultRegistry/ world writeable
    Posted: 08-01-2012, 11:12 AM

    Thanks for the link- 

    http://documentation.commvault.com/commvault/release_9_0_0/books_online_1/english_us/deployment/install/misc/faqs.htm

     

    It's interesting that under Platforms there's no Windows.

     

     

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2019 Commvault | All Rights Reserved. | Legal | Privacy Policy