https://login.veeam.com/en/oauth?client_id=nXojRrypJ8&redirect_uri=https%3A%2F%2Fwww.veeam.com%2Fservices%2Fauthentication%2Fredirect_url&response_type=code&scope=profile&state=eyJmaW5hbFJlZGlyZWN0TG9jYXRpb24iOiJodHRwczovL3d3dy52ZWVhbS5jb20va2IyNjc2IiwiaGFzaCI6ImEyYWRhYzdiLWM3ZGQtNDk4YS1hM2M3LWJiMzFlM2JkOGI1NSJ9
1-800-691-1991 | 9am - 8pm ET
EN

Veeam Agent Management Linux user account requirements

Challenge

Granular ‘sudo’ configuration for a Linux user account to be used for Agent Management.

Cause

As per Agent Management User Guide, a user account to be used for Agent Management should have administrative permissions on the computer that you want to add to a protection group or a job. If you would like to avoid using ‘root’ account in favor of a sudoer account, you might also want to set permissions granularly for one. This document helps you to achieve this goal.

Solution

  • Linux user account used by Veeam Backup and Replication server for any Veeam Agent for Linux deployment and management operations must have /bin/bash shell set by default.
  • /etc/sudoers file should contain a line with ‘requiretty’ parameter negated explicitly for desired Linux user account
  • The account must have either ‘root’ permissions or permissions to execute a specific list of commands as a sudoer on the target Linux machine.
 

Veeam Agent for Linux v4.x

Veeam Backup & Replication v10

An example of /etc/sudoers file containing proper settings for SLES 11 SP4, Veeam Agent for Linux v4.0/Veeam Backup & Replication v10:

Defaults:username !targetpw  
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/whoami
username ALL=(root) /bin/mkdir
username ALL=(root) /bin/rmdir
username ALL=(root) /bin/arch
username ALL=(root) /bin/uname
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /bin/rm
username ALL=(root) /usr/bin/scp
username ALL=(root) /bin/cp
username ALL=(root) /bin/chown 
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /bin/chmod
username ALL=(root) /bin/mv
# FLR Restore via console 
username ALL=(root) /bin/sh 
username ALL=(root) /bin/touch 
username ALL=(root) /tmp/VeeamAgent*-*-*-*
username ALL=(root) /bin/ps
username ALL=(root) /sbin/modinfo 

An example of /etc/sudoers file containing proper settings for SLES 12 SP4, Veeam Agent for Linux v4.0/Veeam Backup & Replication v10:

Defaults:username !targetpw  
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/whoami
username ALL=(root) /usr/bin/mkdir
username ALL=(root) /usr/bin/rmdir
username ALL=(root) /usr/bin/arch
username ALL=(root) /usr/bin/uname
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/rm
username ALL=(root) /usr/bin/cp
username ALL=(root) /usr/bin/chown
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/chmod
username ALL=(root) /usr/bin/mv
# FLR Restore via console 
username ALL=(root) /usr/bin/sh 
username ALL=(root) /usr/bin/touch 
username ALL=(root) /tmp/VeeamAgent*-*-*-*
username ALL=(root) /usr/bin/ps
username ALL=(root) /usr/sbin/modinfo 

 


Veeam Agent for Linux v3.x

Veeam Backup & Replication v9.5 U4

An example of /etc/sudoers file containing proper settings for SLES 11, Veeam Agent for Linux v3.0/Veeam Backup & Replication v9.5 update 4:

Defaults:username !targetpw  
username ALL=(root) /bin/hostname 
username ALL=(root) /bin/uname 
username ALL=(root) /bin/arch 
username ALL=(root) /bin/cat 
username ALL=(root) /usr/bin/test 
username ALL=(root) /bin/mkdir 
username ALL=(root) /bin/rmdir 
username ALL=(root) /bin/chown 
username ALL=(root) /usr/bin/whoami 
username ALL=(root) /usr/bin/id 
username ALL=(root) /tmp/*/veeamagentid 
 
# Agent config/backup 
username ALL=(root) /usr/bin/veeamconfig 
  
# Agent deployment 
username ALL=(root) /usr/bin/zypper 
username ALL=(root) /sbin/modinfo 
username ALL=(root) /bin/rpm 
  
# FLR Restore via console 
username ALL=(root) /bin/sh 
username ALL=(root) /bin/touch 
username ALL=(root) /bin/chmod
username ALL=(root) /tmp/VeeamAgent*-*-*-*
username ALL=(root) /bin/rm 
username ALL=(root) /bin/ps 
username ALL=(root) /bin/mv

 


Veeam Agent for Linux v2.0.1

Veeam Backup & Replication v9.5 U3a

An example of /etc/sudoers file containing proper settings for SLES 11, Veeam Agent for Linux v2.0.1/Veeam Backup & Replication v9.5 update 3a:

Defaults:username !requiretty  
username ALL=(root) NOPASSWD: /bin/hostname 
username ALL=(root) NOPASSWD: /bin/uname 
username ALL=(root) NOPASSWD: /bin/arch 
username ALL=(root) NOPASSWD: /bin/cat 
username ALL=(root) NOPASSWD: /usr/bin/test 
username ALL=(root) NOPASSWD: /bin/mkdir 
username ALL=(root) NOPASSWD: /bin/rmdir 
username ALL=(root) NOPASSWD: /bin/chown 
username ALL=(root) NOPASSWD: /usr/bin/scp
username ALL=(root) NOPASSWD: /tmp/*/veeamagentid 
 
# Agent config/backup 
username ALL=(root) NOPASSWD: /usr/bin/veeamconfig 
  
# Agent deployment 
username ALL=(root) NOPASSWD: /usr/bin/zypper 
username ALL=(root) NOPASSWD: /sbin/modinfo 
username ALL=(root) NOPASSWD: /bin/rpm 
  
# FLR Restore via console 
username ALL=(root) NOPASSWD: /bin/sh 
username ALL=(root) NOPASSWD: /bin/touch 
username ALL=(root) NOPASSWD: /bin/chmod
username ALL=(root) NOPASSWD: /tmp/VeeamAgent*-*-*-*
username ALL=(root) NOPASSWD: /bin/rm 
username ALL=(root) NOPASSWD: /bin/ps 
username ALL=(root) NOPASSWD: /bin/mv


For distributions other than SLES replace /usr/bin/zypper with a path to corresponding package manager binary.

KB ID:
2676
Product:
Veeam Agent for Linux, Veeam Backup & Replication
Published:
2018-07-02
Last Modified:
2020-08-13
Please rate how helpful this article was to you:
5 out of 5 based on 1 ratings
Thank you for helping us improve!
An error occurred during voting. Please try again later.

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

Knowledge base content request
By submitting, you agree that your personal data will be managed by Veeam in accordance with the Privacy Policy.

ty icon

Thank you!

We have received your request and our team will reach out to you shortly.

OK

error icon

Oops! Something went wrong.

Please go back try again later.