Veeam Agent Management Linux user account requirements

KB ID:
2676
Product:
Veeam Backup & Replication;Veeam Agent for Linux
Version:
Published:
Last Modified:
2020-06-22

Challenge

Granular ‘sudo’ configuration for a Linux user account to be used for Agent Management.

Cause

As per Agent Management User Guide, a user account to be used for Agent Management should have administrative permissions on the computer that you want to add to a protection group or a job. If you would like to avoid using ‘root’ account in favor of a sudoer account, you might also want to set permissions granularly for one. This document helps you to achieve this goal.

Solution

  • Linux user account used by Veeam Backup and Replication server for any Veeam Agent for Linux deployment and management operations must have /bin/bash shell set by default.
  • /etc/sudoers file should contain a line with ‘requiretty’ parameter negated explicitly for desired Linux user account
  • The account must have either ‘root’ permissions or permissions to execute a specific list of commands as a sudoer on the target Linux machine.
 

Veeam Agent for Linux v4.x

Veeam Backup & Replication v10

An example of /etc/sudoers file containing proper settings for SLES 11 SP4, Veeam Agent for Linux v4.0/Veeam Backup & Replication v10:

Defaults:username !targetpw  

username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/whoami
username ALL=(root) /bin/mkdir
username ALL=(root) /bin/rmdir
username ALL=(root) /bin/arch
username ALL=(root) /bin/uname
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /bin/rm
username ALL=(root) /usr/bin/scp
username ALL=(root) /bin/cp
username ALL=(root) /bin/chown 
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /bin/chmod
username ALL=(root) /bin/mv

# FLR Restore via console 
username ALL=(root) /bin/sh 
username ALL=(root) /bin/touch 
username ALL=(root) /tmp/VeeamAgent*-*-*-*
username ALL=(root) /bin/ps

username ALL=(root) /sbin/modinfo 

An example of /etc/sudoers file containing proper settings for SLES 12 SP4, Veeam Agent for Linux v4.0/Veeam Backup & Replication v10:

Defaults:username !targetpw  

username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/whoami
username ALL=(root) /usr/bin/mkdir
username ALL=(root) /usr/bin/rmdir
username ALL=(root) /usr/bin/arch
username ALL=(root) /usr/bin/uname
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/rm
username ALL=(root) /usr/bin/cp
username ALL=(root) /usr/bin/chown
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/chmod
username ALL=(root) /usr/bin/mv

# FLR Restore via console 
username ALL=(root) /usr/bin/sh 
username ALL=(root) /usr/bin/touch 
username ALL=(root) /tmp/VeeamAgent*-*-*-*
username ALL=(root) /usr/bin/ps

username ALL=(root) /usr/sbin/modinfo 

 


Veeam Agent for Linux v3.x

Veeam Backup & Replication v9.5 U4

An example of /etc/sudoers file containing proper settings for SLES 11, Veeam Agent for Linux v3.0/Veeam Backup & Replication v9.5 update 4:

Defaults:username !targetpw  

username ALL=(root) /bin/hostname 
username ALL=(root) /bin/uname 
username ALL=(root) /bin/arch 
username ALL=(root) /bin/cat 
username ALL=(root) /usr/bin/test 
username ALL=(root) /bin/mkdir 
username ALL=(root) /bin/rmdir 
username ALL=(root) /bin/chown 
username ALL=(root) /usr/bin/whoami 
username ALL=(root) /usr/bin/id 
username ALL=(root) /tmp/*/veeamagentid 
 
# Agent config/backup 
username ALL=(root) /usr/bin/veeamconfig 
  
# Agent deployment 
username ALL=(root) /usr/bin/zypper 
username ALL=(root) /sbin/modinfo 
username ALL=(root) /bin/rpm 
  
# FLR Restore via console 
username ALL=(root) /bin/sh 
username ALL=(root) /bin/touch 
username ALL=(root) /bin/chmod
username ALL=(root) /tmp/VeeamAgent*-*-*-*
username ALL=(root) /bin/rm 
username ALL=(root) /bin/ps 
username ALL=(root) /bin/mv

 


Veeam Agent for Linux v2.0.1

Veeam Backup & Replication v9.5 U3a

An example of /etc/sudoers file containing proper settings for SLES 11, Veeam Agent for Linux v2.0.1/Veeam Backup & Replication v9.5 update 3a:

Defaults:username !requiretty  

username ALL=(root) NOPASSWD: /bin/hostname 
username ALL=(root) NOPASSWD: /bin/uname 
username ALL=(root) NOPASSWD: /bin/arch 
username ALL=(root) NOPASSWD: /bin/cat 
username ALL=(root) NOPASSWD: /usr/bin/test 
username ALL=(root) NOPASSWD: /bin/mkdir 
username ALL=(root) NOPASSWD: /bin/rmdir 
username ALL=(root) NOPASSWD: /bin/chown 
username ALL=(root) NOPASSWD: /usr/bin/scp
username ALL=(root) NOPASSWD: /tmp/*/veeamagentid 
 
# Agent config/backup 
username ALL=(root) NOPASSWD: /usr/bin/veeamconfig 
  
# Agent deployment 
username ALL=(root) NOPASSWD: /usr/bin/zypper 
username ALL=(root) NOPASSWD: /sbin/modinfo 
username ALL=(root) NOPASSWD: /bin/rpm 
  
# FLR Restore via console 
username ALL=(root) NOPASSWD: /bin/sh 
username ALL=(root) NOPASSWD: /bin/touch 
username ALL=(root) NOPASSWD: /bin/chmod
username ALL=(root) NOPASSWD: /tmp/VeeamAgent*-*-*-*
username ALL=(root) NOPASSWD: /bin/rm 
username ALL=(root) NOPASSWD: /bin/ps 
username ALL=(root) NOPASSWD: /bin/mv


For distributions other than SLES replace /usr/bin/zypper with a path to corresponding package manager binary.

Rate the quality of this KB article: 
2.7 out of 5 based on 15 ratings

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text:

Submit