Forum Discussion

shocko's avatar
shocko
Level 4
4 years ago

Agent Priviledge Requirements on RHEL 7

I'm deploying the NB agent v8 and v9 to RHEL 7.7 and 7.9. I'm wondering what priviledge it requires to run on the target RHEL server. Our backup team are saying it needs to run as the root user but our security team would naturally prefer that not be the case. 

  • Hi shocko 

    Sudo would not work for the NetBackup services (bpcd, vnetd etc.) that the client runs (sudo implies a shell of some kind and is not suitable for daemon processes). 

    At present the services need to run as the root user in order to perform the various operatiaons required. 

    David

  • Hello,

    starting with NBU 9.1.0.1, most of Master Server services can run under non-root user. More detail here: https://www.veritas.com/content/support/en_US/doc/103228346-147321331-0/v149908342-147321331.

    However this is not the case of Media Servers and clients.

    Take into account that backup and especially restore activities on a systems are one of the most powerful, so the services should run under privileged account. Without this, you could get into problems especially during restores.

    Regards

    Michal

    • shocko's avatar
      shocko
      Level 4

      Thanks for the reply. Would sudo not suffice though? We have other agents that require root priviledge but do not actually run under the root user. 

      • davidmoline's avatar
        davidmoline
        Level 6

        Hi shocko 

        Sudo would not work for the NetBackup services (bpcd, vnetd etc.) that the client runs (sudo implies a shell of some kind and is not suitable for daemon processes). 

        At present the services need to run as the root user in order to perform the various operatiaons required. 

        David