- Veeam Support Knowledge Base
- Veeam Agent Management Linux User Account Requirements
Veeam Agent Management Linux User Account Requirements
Get weekly article updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam's Privacy Notice.
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Purpose
This provides examples of granular ‘sudo’ configuration for Linux user accounts for Agent Management.
Cause
Per the Agent Management User Guide, a user account for Agent Management should have administrative permissions on the computer you want to add to a protection group or a job. If you would like to avoid using the ‘root’ account in favor of a sudoer account, you may also want to set permissions granularly for one. This document helps you to achieve this goal.
Solution
- Linux user account used by Veeam Backup & Replication for any Veeam Agent for Linux deployment and management operations must have /bin/bash shell set by default.
- /etc/sudoers file should contain a line with the ‘requiretty’ parameter negated explicitly for the desired Linux user account
- The account must have either ‘root’ or permissions to execute a specific list of commands as a sudoer on the target Linux machine. (See examples below.)
Distro-specific sudoers Examples
The examples below were developped for specific Linux distros, which will be indicated before each example. Process locations may need to be adjusted if using a different distro.
Veeam Agent for Linux 6.x / Veeam Backup & Replication 12.x
Example /etc/sudoers entries for RHEL and SLES:
#MISC
veeamdep ALL=(root) /usr/bin/arch
veeamdep ALL=(root) /usr/bin/md5sum /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/echo $HOME
veeamdep ALL=(root) /usr/bin/ls /opt/veeam/transport/veeamtransport-link
veeamdep ALL=(root) /usr/bin/ls /opt/veeam/deployment/veeamdeploymentsvc
veeamdep ALL=(root) /usr/bin/ls /opt/veeam/transport/veeamtransport
veeamdep ALL=(root) /bin/tar xvzf /tmp/VeeamDeploymentSvc_12.* -C /opt/veeam/deployment --no-same-owner
veeamdep ALL=(root) /usr/bin/id -au
veeamdep ALL=(root) /usr/bin/whoami
#MKDIR
veeamdep ALL=(root) /bin/mkdir -p /opt/veeam
veeamdep ALL=(root) /bin/mkdir --parents /opt/veeam/Upload/*
veeamdep ALL=(root) /bin/mkdir --parents /opt/veeam/deployment
#CP
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /tmp/VeeamDeploymentSvc_12*
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /opt/veeam/Upload/*
#RM
veeamdep ALL=(root) /bin/rmdir /opt/veeam*
veeamdep ALL=(root) /usr/bin/rm -rf /opt/veeam/Upload/*
veeamdep ALL=(root) /bin/rm -rf /opt/veeam/deployment
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/Upload/*
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/*
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/deployment/certs/*
veeamdep ALL=(root) /usr/bin/rm /opt/veeam
veeamdep ALL=(root) /usr/bin/rm -f /tmp/VeeamDeploymentSvc_12.*
#TOUCH
veeamdep ALL=(root) /usr/bin/touch /tmp/VeeamDeploymentSvc_12*
veeamdep ALL=(root) /usr/bin/touch /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /usr/bin/touch /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/touch /opt/veeam/Upload/*
#CHGRP
veeamdep ALL=(root) /usr/bin/chgrp root /opt/veeam/veeaminstaller
#CHOWN
veeamdep ALL=(root) /usr/bin/chown * /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/chown root /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/chown -hR root /opt/veeam/deployment
veeamdep ALL=(root) /usr/bin/chown * /opt/veeam/ValPackageIndex.xml
#CHMOD
veeamdep ALL=(root) /usr/bin/chmod 0766 /opt/veeam/Upload/*
veeamdep ALL=(root) /usr/bin/chmod 0750 /home/veeamdep/*
veeamdep ALL=(root) /usr/bin/chmod 0750 /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/chmod 0644 /tmp/VeeamDeploymentSvc_12*
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/Upload
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/PackagesRegistry/VeeamTransport/PackageInfo
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/PackagesRegistry/VeeamTransport
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/PackagesRegistry
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/ca-trusted
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/scripts
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/certs
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/certs/client
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/ca-trusted/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/ca-trusted/DigiCertTrustedRootG4.crt.pem
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/libVeeamDeploymentDll.so
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/scripts/veeamdeployment
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/scripts/veeamdeployment.service
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/VeeamDeploymentConfig
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/certs/client/cert_*.pem
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/certs/cert.p12
veeamdep ALL=(root) /usr/bin/chmod 744 /opt/veeam/deployment/veeamdeploymentsvc
veeamdep ALL=(root) /usr/bin/chmod 0750 /opt/veeam/ValPackageIndex.xml
#FIND
veeamdep ALL=(root) /usr/bin/find /opt/veeam/deployment -type f -not -path /opt/veeam/deployment/veeamdeploymentsvc
veeamdep ALL=(root) /usr/bin/find /opt/veeam/deployment -type d
#DEPLOYMENT SERVICE
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --dll-version
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-port
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --uninstall
#
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-user veeamdep
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --disable-restricted-mode
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-base-log-path /var/log/VeeamBackup
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --restart
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install-server-certificate /opt/veeam/Upload/*
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-fingerprint
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install-certificate /opt/veeam/Upload/*
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install 6160
#INSTALLER
veeamdep ALL=(root) /opt/veeam/veeaminstaller --install-info VAL --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --package-name-pattern-for-file-name --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --check-package-name * --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --install-packages * --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --agent-version --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --driver-version --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --system-info VBR --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --agent-version --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --check-system-support --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --check-package-name VeeamPluginforOracleRMAN --packages-index-xml /opt/veeam/ValPackageIndex.xml
#TRANSPORT
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --version
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --get-port
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --version
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --get-user
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --disable-restricted-mode
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --set-user root
#VEEAMCONFIG
veeamdep ALL=(root) /bin/veeamconfig vbrcmd print --agentInfo
veeamdep ALL=(root) /bin/veeamconfig --stdin acquireAgent *
veeamdep ALL=(root) /bin/veeamconfig --stdin print *
veeamdep ALL=(root) /bin/veeamconfig --stdin setCertificate *
veeamdep ALL=(root) /bin/veeamconfig --stdinVeeam Agent for Linux 5.x / Veeam Backup & Replication 11a
Example /etc/sudoers entries for SLES 11 SP4:
## Basic
Defaults:username !targetpw
username ALL=(root) /bin/chmod
username ALL=(root) /bin/chown
username ALL=(root) /bin/cp
username ALL=(root) /bin/mkdir
username ALL=(root) /bin/mv
username ALL=(root) /bin/rm
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/ValPackageIndex.xml
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/scp -p -t /tmp/*
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/mount
username ALL=(root) /bin/ping
username ALL=(root) /bin/ps
username ALL=(root) /bin/tar
username ALL=(root) /bin/uname
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/test -e /tmp/
username ALL=(root) /usr/bin/gzipExample /etc/sudoers entries for SLES 12 SP4
## Basic
Defaults:username !targetpw
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/chmod
username ALL=(root) /usr/bin/chown
username ALL=(root) /usr/bin/cp
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/mkdir
username ALL=(root) /usr/bin/mv
username ALL=(root) /usr/bin/rm
username ALL=(root) /usr/bin/touch
username ALL=(root) /usr/bin/uname
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/tar
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/test -e /tmp/
username ALL=(root) /usr/bin/gzip
username ALL=(root) /usr/bin/mount
username ALL=(root) /usr/bin/ping
username ALL=(root) /usr/bin/psVeeam Agent for Linux 5.x / Veeam Backup & Replication 11
Example /etc/sudoers entries for SLES 11 SP4:
## Basic
Defaults:username !targetpw
username ALL=(root) /bin/chmod
username ALL=(root) /bin/chown
username ALL=(root) /bin/cp
username ALL=(root) /bin/mkdir
username ALL=(root) /bin/mv
username ALL=(root) /bin/rm
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/ValPackageIndex.xml
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/scp -p -t /tmp/*
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/mount
username ALL=(root) /bin/ping
username ALL=(root) /bin/ps
username ALL=(root) /bin/tar
username ALL=(root) /bin/uname
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/[ -d /tmp/ ]
username ALL=(root) /usr/bin/gzipExample /etc/sudoers entries for SLES 12 SP4
## Basic
Defaults:username !targetpw
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/chmod
username ALL=(root) /usr/bin/chown
username ALL=(root) /usr/bin/cp
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/mkdir
username ALL=(root) /usr/bin/mv
username ALL=(root) /usr/bin/rm
username ALL=(root) /usr/bin/touch
username ALL=(root) /usr/bin/uname
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/tar
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/[ -d /tmp/ ]
username ALL=(root) /usr/bin/gzip
username ALL=(root) /usr/bin/mount
username ALL=(root) /usr/bin/ping
username ALL=(root) /usr/bin/ps
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
Spelling error in text
Thank you!
Your feedback has been received and will be reviewed.
Oops! Something went wrong.
Please try again later.
You have selected too large block!
Please try select less.
KB Feedback/Suggestion
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Verify your email to continue your product download
We've sent a verification code to:
An email with a verification code was just sent to
Didn't receive the code? Click to resend in sec
Didn't receive the code? Click to resend
Start using Veeam:
Download the product
&
Activate the license key
Thank you!
Your feedback has been received and will be reviewed.