Now you’re less likely to miss what’s been brewing in our knowledge base with this weekly digest
Please, try again later.
The granular sudo permissions example provided in this article is intended for use with Protection Groups managing Veeam Agent for Linux deployments.
These granular sudo permissions are NOT for use with any other Linux-related task that Veeam Backup & Replication performs (e.g., Linux Hardened Repository, Linux Proxy, etc).
In the sudoers example below, there are four lines under #DEPLOYMENT INSTALL (lines # 16, 18,20, and 22) that, by default, utilize a wildcard for the package version (e.g., /tmp/veeamdeployment-12.1.*-1.x86_64.rpm
). You may optionally choose to update those lines with the precise package file names found on the Veeam Backup Server in:
C:\Program Files\Veeam\Backup and Replication\Backup\Packages
For example, Veeam Backup & Replication 12.1.0.2131 uses deployment packages named:
#MISC
veeamdep ALL=(root) /usr/bin/id -au
veeamdep ALL=(root) /usr/bin/whoami
#MKDIR
veeamdep ALL=(root) /bin/mkdir -p /opt/veeam
#RM
veeamdep ALL=(root) /bin/rmdir /opt/veeam
veeamdep ALL=(root) /bin/rmdir /opt/veeam/Upload
veeamdep ALL=(root) /bin/rm -rf /opt/veeam/deployment/
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/ValPackageIndex.xml
#DEPLOYMENT INSTALL
veeamdep ALL=(root) /bin/yum --assumeyes --errorlevel=0 install /tmp/veeamdeployment-12.1.*-1.x86_64.rpm
veeamdep ALL=(root) /bin/yum --assumeyes --errorlevel=0 remove veeamdeployment
veeamdep ALL=(root) /bin/rpm --install /tmp/veeamdeployment-12.1.*-1.x86_64.rpm
veeamdep ALL=(root) /bin/rpm --erase veeamdeployment
veeamdep ALL=(root) /usr/bin/dpkg --force-confold --install /tmp/veeamdeployment_12.1.*_amd64.deb
veeamdep ALL=(root) /usr/bin/dpkg --purge veeamdeployment
veeamdep ALL=(root) /usr/bin/zypper --terse --non-interactive --no-gpg-checks install --auto-agree-with-licenses --force-resolution /tmp/veeamdeployment-12.1.*-1.x86_64.rpm
veeamdep ALL=(root) /usr/bin/zypper --terse --non-interactive --no-gpg-checks remove veeamdeployment
#DEPLOYMENT SERVICE
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --dll-version
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-port
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --uninstall
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-user veeamdep
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --disable-restricted-mode
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-base-log-path /var/log/VeeamBackup
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --restart
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-fingerprint
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install 6160
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install-server-certificate /tmp/VeeamUpload*/ServerCertificate
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install-certificate /tmp/VeeamUpload*/ClientCertificate
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-max-log-size 10485760
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-max-log-count 10
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-bios-uuid
#TRANSPORT
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --version
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --get-user
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --disable-restricted-mode
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --set-user root
#VEEAMCONFIG
veeamdep ALL=(root) /usr/bin/veeamconfig vbrcmd print --agentInfo
veeamdep ALL=(root) /usr/bin/veeamconfig --stdin
#MISC
veeamdep ALL=(root) /usr/bin/arch
veeamdep ALL=(root) /usr/bin/md5sum /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/echo $HOME
veeamdep ALL=(root) /usr/bin/ls /opt/veeam/transport/veeamtransport-link
veeamdep ALL=(root) /usr/bin/ls /opt/veeam/deployment/veeamdeploymentsvc
veeamdep ALL=(root) /usr/bin/ls /opt/veeam/transport/veeamtransport
veeamdep ALL=(root) /bin/tar xvzf /tmp/VeeamDeploymentSvc_12.* -C /opt/veeam/deployment --no-same-owner
veeamdep ALL=(root) /usr/bin/id -au
veeamdep ALL=(root) /usr/bin/whoami
#MKDIR
veeamdep ALL=(root) /bin/mkdir -p /opt/veeam
veeamdep ALL=(root) /bin/mkdir --parents /opt/veeam/Upload/*
veeamdep ALL=(root) /bin/mkdir --parents /opt/veeam/deployment
#CP
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /tmp/VeeamDeploymentSvc_12*
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/cp -f /home/veeamdep/* /opt/veeam/Upload/*
#RM
veeamdep ALL=(root) /bin/rmdir /opt/veeam*
veeamdep ALL=(root) /usr/bin/rm -rf /opt/veeam/Upload/*
veeamdep ALL=(root) /bin/rm -rf /opt/veeam/deployment
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/Upload/*
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/*
veeamdep ALL=(root) /usr/bin/rm /opt/veeam/deployment/certs/*
veeamdep ALL=(root) /usr/bin/rm /opt/veeam
veeamdep ALL=(root) /usr/bin/rm -f /tmp/VeeamDeploymentSvc_12.*
#TOUCH
veeamdep ALL=(root) /usr/bin/touch /tmp/VeeamDeploymentSvc_12*
veeamdep ALL=(root) /usr/bin/touch /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /usr/bin/touch /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/touch /opt/veeam/Upload/*
#CHGRP
veeamdep ALL=(root) /usr/bin/chgrp root /opt/veeam/veeaminstaller
#CHOWN
veeamdep ALL=(root) /usr/bin/chown * /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/chown root /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/chown -hR root /opt/veeam/deployment
veeamdep ALL=(root) /usr/bin/chown * /opt/veeam/ValPackageIndex.xml
#CHMOD
veeamdep ALL=(root) /usr/bin/chmod 0766 /opt/veeam/Upload/*
veeamdep ALL=(root) /usr/bin/chmod 0750 /home/veeamdep/*
veeamdep ALL=(root) /usr/bin/chmod 0750 /opt/veeam/veeaminstaller
veeamdep ALL=(root) /usr/bin/chmod 0644 /tmp/VeeamDeploymentSvc_12*
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/Upload
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/PackagesRegistry/VeeamTransport/PackageInfo
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/PackagesRegistry/VeeamTransport
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/PackagesRegistry
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/ca-trusted
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/scripts
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/certs
veeamdep ALL=(root) /usr/bin/chmod 755 /opt/veeam/deployment/certs/client
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/ca-trusted/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt.pem
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/ca-trusted/DigiCertTrustedRootG4.crt.pem
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/libVeeamDeploymentDll.so
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/scripts/veeamdeployment
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/scripts/veeamdeployment.service
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/VeeamDeploymentConfig
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/certs/client/cert_*.pem
veeamdep ALL=(root) /usr/bin/chmod 644 /opt/veeam/deployment/certs/cert.p12
veeamdep ALL=(root) /usr/bin/chmod 744 /opt/veeam/deployment/veeamdeploymentsvc
veeamdep ALL=(root) /usr/bin/chmod 0750 /opt/veeam/ValPackageIndex.xml
#FIND
veeamdep ALL=(root) /usr/bin/find /opt/veeam/deployment -type f -not -path /opt/veeam/deployment/veeamdeploymentsvc
veeamdep ALL=(root) /usr/bin/find /opt/veeam/deployment -type d
#DEPLOYMENT SERVICE
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --dll-version
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-port
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --uninstall
#
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-user veeamdep
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --disable-restricted-mode
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --set-base-log-path /var/log/VeeamBackup
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --restart
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install-server-certificate /opt/veeam/Upload/*
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --get-fingerprint
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install-certificate /opt/veeam/Upload/*
veeamdep ALL=(root) /opt/veeam/deployment/veeamdeploymentsvc --install 6160
#INSTALLER
veeamdep ALL=(root) /opt/veeam/veeaminstaller --install-info VAL --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --package-name-pattern-for-file-name --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --check-package-name * --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --install-packages * --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --agent-version --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --driver-version --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --system-info VBR --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --agent-version --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --check-system-support --packages-index-xml /opt/veeam/ValPackageIndex.xml
veeamdep ALL=(root) /opt/veeam/veeaminstaller --check-package-name VeeamPluginforOracleRMAN --packages-index-xml /opt/veeam/ValPackageIndex.xml
#TRANSPORT
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --version
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --get-port
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --version
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --get-user
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport --disable-restricted-mode
veeamdep ALL=(root) /opt/veeam/transport/veeamtransport-link --set-user root
#VEEAMCONFIG
veeamdep ALL=(root) /bin/veeamconfig vbrcmd print --agentInfo
veeamdep ALL=(root) /bin/veeamconfig --stdin acquireAgent *
veeamdep ALL=(root) /bin/veeamconfig --stdin print *
veeamdep ALL=(root) /bin/veeamconfig --stdin setCertificate *
veeamdep ALL=(root) /bin/veeamconfig --stdin
## Basic
Defaults:username !targetpw
username ALL=(root) /bin/chmod
username ALL=(root) /bin/chown
username ALL=(root) /bin/cp
username ALL=(root) /bin/mkdir
username ALL=(root) /bin/mv
username ALL=(root) /bin/rm
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/ValPackageIndex.xml
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/scp -p -t /tmp/*
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/mount
username ALL=(root) /bin/ping
username ALL=(root) /bin/ps
username ALL=(root) /bin/tar
username ALL=(root) /bin/uname
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/test -e /tmp/
username ALL=(root) /usr/bin/gzip
## Basic
Defaults:username !targetpw
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/chmod
username ALL=(root) /usr/bin/chown
username ALL=(root) /usr/bin/cp
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/mkdir
username ALL=(root) /usr/bin/mv
username ALL=(root) /usr/bin/rm
username ALL=(root) /usr/bin/touch
username ALL=(root) /usr/bin/uname
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/tar
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/test -e /tmp/
username ALL=(root) /usr/bin/gzip
username ALL=(root) /usr/bin/mount
username ALL=(root) /usr/bin/ping
username ALL=(root) /usr/bin/ps
## Basic
Defaults:username !targetpw
username ALL=(root) /bin/chmod
username ALL=(root) /bin/chown
username ALL=(root) /bin/cp
username ALL=(root) /bin/mkdir
username ALL=(root) /bin/mv
username ALL=(root) /bin/rm
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/ValPackageIndex.xml
username ALL=(root) /usr/bin/scp -p -t /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/scp -p -t /tmp/*
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/mount
username ALL=(root) /bin/ping
username ALL=(root) /bin/ps
username ALL=(root) /bin/tar
username ALL=(root) /bin/uname
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/[ -d /tmp/ ]
username ALL=(root) /usr/bin/gzip
## Basic
Defaults:username !targetpw
username ALL=(root) /opt/veeam/veeaminstaller
username ALL=(root) /usr/bin/chmod
username ALL=(root) /usr/bin/chown
username ALL=(root) /usr/bin/cp
username ALL=(root) /usr/bin/id
username ALL=(root) /usr/bin/mkdir
username ALL=(root) /usr/bin/mv
username ALL=(root) /usr/bin/rm
username ALL=(root) /usr/bin/touch
username ALL=(root) /usr/bin/uname
username ALL=(root) /usr/bin/veeamconfig
username ALL=(root) /usr/bin/whoami
## FLR via console
username ALL=(root) /bin/tar
username ALL=(root) /tmp/*-*-*-*-*_vblkid
username ALL=(root) /tmp/VeeamAgent*-*-*-*-*
username ALL=(root) /usr/bin/[ -d /tmp/ ]
username ALL=(root) /usr/bin/gzip
username ALL=(root) /usr/bin/mount
username ALL=(root) /usr/bin/ping
username ALL=(root) /usr/bin/ps
Your feedback has been received and will be reviewed.
Please, try again later.
Please try select less.
This form is only for KB Feedback/Suggestions, if you need help with the software open a support case
Your feedback has been received and will be reviewed.
Please, try again later.