Forum Discussion

Azrael808's avatar
Azrael808
Level 2
15 years ago

RALUS and root privileges


Hi All,

I am trying to assist a client in configuring the RALUS agent on a Linux "appliance" we implemented for them in-house. I've successfully installed the RALUS software, as per the instructions on the Symantec site, however, they have been unable to browse the system from their central backup box.

The box is a RHEL 5 server and I've had to manually create the "beoper" group and add the root user to this. I've been doing some searching online, and it would appear that the backup software needs to connect as the "root" user in order for the system to be backed up. This goes against all "best practices" for a Linux/Unix box, but I've been unable to create a non-privileged user that allows the client to back up the host.

Is it possible for me to create another user to use with the RALUS agent? If so, how do I grant this user "root" privileges? Is some sudo configuration necessary? If I have to use the root user, is there work in the pipeline that will change this requirement?

Thanks in advance,

Pete
10.x and Earlier
Backup and Recovery
Backup Exec
Remote Agent for Linux and Unix Servers

9 Replies

Sort By
  • Ken_Putnam's avatar
    Ken_Putnam
    Level 6
    15 years ago
    This goes against all "best practices" for a Linux/Unix box, but I've been unable to create a non-privileged user that allows the client to back up the host.

    Windows Admins have been arguing this since v6.11 when I first started using BackupExec.  But the BESA must still be a Domain Admin to function properly


    You could try adding this complaint in the "Ideas" section, but don't hold your breath waiting for a change here


     
  • Azrael808's avatar
    Azrael808
    Level 2
    15 years ago
    Thanks for the replies! :)

    @Dev T: when you say "added the root account in Backup Exec", do you mean supply the central Backup Exec server (apologies, I'm not sure of the correct terminology) with the root credentials for the box I'm attempting to back up? If that's what you mean, then the answer is no. I was trying to see if there was an alternative solution before configuring the software to use the root account.

    @Ken: You mention "Domain Admin"; is this a requirement even for a Linux box?

    I can understand that Backup Exec may require root privileges in order to be able to back up the entire server and not run into any permissions issues, but this sort of functionality should be delegated to a non-root user using the sudo tool. In this particular case, I'm only really interested in backing up a particular part of the file system, which is world readable.

    Caveats like this definitely put me of using Backup Exec in future...

    Thanks again for the help so far guys, it's most appreciated!
  • Dev_T's avatar
    Dev_T
    Level 6
    15 years ago

    go to tools-->backup exec account-->new-->add root account...

    open selection list and go to resource credentials and right click Linux server and click on change credentials...and select root account and test the credentials

    hopw this helps...

  • Ken_Putnam's avatar
    Ken_Putnam
    Level 6
    15 years ago
    @Ken: You mention "Domain Admin"; is this a requirement even for a Linux box?

    No,   just mentioning that an account equivalent to Root is required for each remote Windows box.  Since it doesn't make a lot of sense to maintain multiplel local admin accounts, generally Domain  Admin is added to Local Admins on each box  

    For windows boxes, BackupOperator should be sufficient to take the backups, but you need Local Admin rights to do almost all restores, hence the "requirment" that the BESA be a Domain Admin
  • Azrael808's avatar
    Azrael808
    Level 2
    15 years ago
    Thanks again guys, good to get some clarification! :)

    @Ken: what you say about admin rights makes sense. The software I use to backup my hosts is configured as a "one-way" street... If anyone needs to restore backups, it needs to be done manually.

    So, the next question would be; can I do something similar with a Linux box? i.e. if I'm only interested in getting data off the box, can I use a non-privileged account?

    Cheers!
  • Azrael808's avatar
    Azrael808
    Level 2
    15 years ago

    So, after configuring the root credentials for use by Backup Exec, the client is still unable to tick the box next to the host in question so as to add it to the backup runs.

    Is there anything else I should be configuring on the system to ensure that the agent can perform it's task? Are any logs generated by the agent that would help me diagnose the issue?

    Thanks again.
  • Dev_T's avatar
    Dev_T
    Level 6
    15 years ago
    try adding the Linux server under user defined selection using IP address, make sure that port 10000 is open on the linux box...
  • James_McKey's avatar
    James_McKey
    Level 5
    15 years ago
    RALUS backups up the File System as ‘root’ but uses the ‘beoper’ group as a mechanism where non-root users can be provided the ability to also protect the Unix file system.  When a non root user is added to the ‘beoper’ group, the corresponding Logon account will now be able to back up the system. It does not change the original account rights in any way.