Veeam Agent Management Linux user account requirements

KB ID: 2676
Product: Veeam Backup & Replication;Veeam Agent for Linux
Version: VAL v2.0/v2.0.1, VBR v9.5u3/v9.5u3a
Published:
Last Modified: 2018-07-16

Challenge

Granular ‘sudo’ configuration for a Linux user account to be used for Agent Management.

Cause

As per Agent Management User Guide, a user account to be used for Agent Management should have administrative permissions on the computer that you want to add to a protection group or a job. If you would like to avoid using ‘root’ account in favor of a sudoer account, you might also want to set permissions granularly for one. This document helps you to achieve this goal.

Solution

  • Linux user account used by Veeam Backup and Replication server for any Veeam Agent for Linux deployment and management operations must have /bin/bash shell set by default.
  • /etc/sudoers file should contain a line with ‘requiretty’ parameter negated explicitly for desired Linux user account
  • The account must have either ‘root’ permissions or permissions to execute a specific list of commands as a sudoer on the target Linux machine.
Here is the example of /etc/sudoers file containing proper settings (for SLES 11):
Defaults:username !requiretty


# Protection Group Rescan
username ALL=(root) NOPASSWD: /bin/hostname
username ALL=(root) NOPASSWD: /bin/uname
username ALL=(root) NOPASSWD: /bin/arch
username ALL=(root) NOPASSWD: /bin/cat
username ALL=(root) NOPASSWD: /usr/bin/test
username ALL=(root) NOPASSWD: /usr/mkdir
username ALL=(root) NOPASSWD: /usr/rmdir
username ALL=(root) NOPASSWD: /usr/chown
username ALL=(root) NOPASSWD: /tmp/*/usernameid
username ALL=(root) NOPASSWD: /usr/bin/scp
 
# Agent config/backup
username ALL=(root) NOPASSWD: /usr/bin/veeamconfig
 
# Agent deployment
username ALL=(root) NOPASSWD: /usr/bin/zypper
username ALL=(root) NOPASSWD: /bin/rm
 
# FLR Restore via VBR console
username ALL=(root) NOPASSWD: /bin/sh
username ALL=(root) NOPASSWD: /bin/touch
username ALL=(root) NOPASSWD: /bin/chmod
username ALL=(root) NOPASSWD: /tmp/Username*-*-*-*
username ALL=(root) NOPASSWD: /usr/rm
username ALL=(root) NOPASSWD: /usr/ps
username ALL=(root) NOPASSWD: /usr/mv

For distributions other than SLES replace /usr/bin/zypper with a path to corresponding package manager binary.

Rate the quality of this KB article: 
2.4 out of 5 based on 5 ratings

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.

Request new content

Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Orphus system