NetBackup™ Commands Reference Guide
- Introduction
- Appendix A. NetBackup Commands
- acsd
- add_media_server_on_clients
- backupdbtrace
- backuptrace
- bmrc
- bmrconfig
- bmrepadm
- bmrprep
- bmrs
- bmrsrtadm
- bp
- bparchive
- bpbackup
- bpbackupdb
- bpcatarc
- bpcatlist
- bpcatres
- bpcatrm
- bpcd
- bpchangeprimary
- bpcleanrestore
- bpclient
- bpclimagelist
- bpclntcmd
- bpclusterutil
- bpcompatd
- bpconfig
- bpdbjobs
- bpdbm
- bpdgclone
- bpdown
- bpduplicate
- bperror
- bpexpdate
- bpfis
- bpflist
- bpgetconfig
- bpgetdebuglog
- bpimage
- bpimagelist
- bpimmedia
- bpimport
- bpinst
- bpkeyfile
- bpkeyutil
- bplabel
- bplist
- bpmedia
- bpmedialist
- bpminlicense
- bpnbat
- bpnbaz
- bppficorr
- bpplcatdrinfo
- bpplclients
- bppldelete
- bpplinclude
- bpplinfo
- bppllist
- bpplsched
- bpplschedrep
- bpplschedwin
- bppolicynew
- bpps
- bprd
- bprecover
- bprestore
- bpretlevel
- bpschedule
- bpschedulerep
- bpsetconfig
- bpstsinfo
- bpstuadd
- bpstudel
- bpstulist
- bpsturep
- bptestbpcd
- bptestnetconn
- bptpcinfo
- bpup
- bpverify
- cat_convert
- cat_export
- cat_import
- configureCerts
- configureMQ
- configurePorts
- configureWebServerCerts
- create_nbdb
- csconfig cldinstance
- csconfig cldprovider
- csconfig meter
- csconfig reinitialize
- csconfig throttle
- duplicatetrace
- importtrace
- jbpSA
- jnbSA
- ltid
- mklogdir
- nbauditreport
- nbcallhomeproxyconfig
- nbcatsync
- NBCC
- NBCCR
- nbcertcmd
- nbcertupdater
- nbcldutil
- nbcloudrestore
- nbcomponentupdate
- nbcplogs
- nbcredkeyutil
- nbdb_admin
- nbdb_backup
- nbdb_move
- nbdb_ping
- nbdb_restore
- nbdb_unload
- nbdb2adutl
- nbdbms_start_server
- nbdbms_start_stop
- nbdc
- nbdecommission
- nbdelete
- nbdeployutil
- nbdevconfig
- nbdevquery
- nbdiscover
- nbdna
- nbemm
- nbemmcmd
- nbfindfile
- nbfirescan
- nbfp
- nbftadm
- nbftconfig
- nbgetconfig
- nbhba
- nbholdutil
- nbhostidentity
- nbhostmgmt
- nbhypervtool
- nbidpcmd
- nbimageshare
- nbinstallcmd
- nbjm
- nbkmiputil
- nbkmscmd
- nbkmsutil
- nboraadm
- nborair
- nbpem
- nbpemreq
- nbmlb
- nbperfchk
- nbplupgrade
- nbrb
- nbrbutil
- nbregopsc
- nbreplicate
- nbrepo
- nbrestorevm
- nbseccmd
- nbserviceusercmd
- nbsetconfig
- nbsmartdiag
- nbsnapimport
- nbsnapreplicate
- nbsqladm
- nbstl
- nbstlutil
- nbstop
- nbsu
- nbsvrgrp
- netbackup_deployment_insights
- resilient_clients
- restoretrace
- stopltid
- tldd
- tldcd
- tpautoconf
- tpclean
- tpconfig
- tpext
- tpreq
- tpunmount
- verifytrace
- vltadm
- vltcontainers
- vlteject
- vltinject
- vltoffsitemedia
- vltopmenu
- vltrun
- vmadd
- vmchange
- vmcheckxxx
- vmd
- vmdelete
- vmoprcmd
- vmphyinv
- vmpool
- vmquery
- vmrule
- vmupdate
- vnetd
- vssat
- vwcp_manage
- vxlogcfg
- vxlogmgr
- vxlogview
- W2KOption
- Index
Name
nbserviceusercmd — used to change the service user, and grant or revoke access to NetBackup Services on the NetBackup installation directory, depending on the operating system
SYNOPSIS
--changeUser
-addAcl | -removeAcl -all | -catalog | -cluster -reason audit_reason [-skip_catalog] [-force]
-addAcl|-removeAcl path1 path2... -reason reason
-changeUser LocalSystem | LocalService | DOMAIN\Administrator_user [-force]
-checkStatus
On UNIX systems, the directory path to this command is /usr/openv/netbackup/bin/goodies
On Windows systems, the directory path to this command is install_path\bin\goodies
DESCRIPTION
On UNIX, you can only use the nbserviceusercmd command to change the service user.
On Windows, use the nbserviceusercmd command to grant or revoke access to the NetBackup services on the NetBackup installation directory as well as to change the service user.
Note:
You must stop all the NetBackup services or daemons before you change the service user.
Before you change the service user with the -changeUser option on Windows, you must first run nbserviceusercmd -addAcl -catalog -reason audit_reason.
This requirement is to make sure that permissions on image catalog are updated before you change the user. This operation may take significant time to complete based on the size of the image catalog.
Run the -addAcl -catalog option before you stop the services.
REQUIREMENTS
Before you change the service user, the NetBackup services or daemons must be offline.
To change the service user
- (Conditional) On a clustered server, confirm that the cluster resources are offline. For more information, refer to the NetBackup Clustered Master Server Administrator's Guide.
- Stop all NetBackup services or daemons.
- Change the service user with the changeUser option.
- (Conditional) On a clustered server, run the command on all nodes in the cluster after you change the service user on the active node.
After you change the service user, confirm the disaster recovery (DR) path that is specified in the catalog policy has the required permissions.
To update the disaster recovery path permissions
- (Conditional) On a clustered server, confirm that the cluster resources are online. For more information, refer to the NetBackup Clustered Master Server Administrator's Guide.
- Start the NetBackup services or daemons.
- (Conditional) On UNIX, grant the required access to the service user on the DR path.
- (Conditional) On Windows, run the command that is shown on all servers:
nbserviceusercmd -addAcl DR_path -reason audit_reason
- Veritas recommends that you take an immediate catalog backup.
For NetBackup Access Control (NBAC) users: If NBAC is configured on the host and you changed the service user to a non-root or LocalService user, you must update the Global Security Administrator group.
To update Global Security Administrator group
- Confirm that all NetBackup services are up and running.
- Run the command that is shown to add the current service user to the Security Administrators group:
vssaz addazgrpmember --azgrpname "Security Administrators" --prplinfo ATP,atdomain,new service user
For more information about how to add the user principle in Global Security Administrator group, refer to the NetBackup Security and Encryption Guide.
OPTIONS
- -addAcl
(Windows only) Grants access to NetBackup services on the NetBackup installation directory.
- -all
(Windows only) Specifies that the operation is to be performed on all files and folders in the NetBackup installation directory. In a clustered environment, the image catalog database and the cluster-specific files are included in these files and folders.
This option skips the image catalog database if CATALOG_PERMISSIONS_UPDATED is set to TRUE in the NetBackup configuration.
- -catalog
(Windows only) Specifies that the operation is to be performed only on the image catalog database. This option cannot be used with the -skip_catalog option.
This option skips the image catalog database if CATALOG_PERMISSIONS_UPDATED is set to TRUE in the NetBackup configuration.
- --changeUser
(UNIX only) Use this option to change the service user of a UNIX computer. This option changes the service user for non-privileged NetBackup master server daemons so that they can start in service user context. You must stop all NetBackup daemons to run this option. The option supports both root and non-root service user types. Use this option to change users as shown:
Root to non-root
Non-root to root
Non-root to non-root
Give the user name only when prompted and not as argument-value. You are limited to three attempts and then you must run the command again. Only the root user can run this option.
Note:
Veritas recommends that the service user is an account with limited privileges. Veritas recommends that you do not use the root user or an nbwebsvc user as service user. The service user must be part of the nbwebgrp group.
- -changeUser
(Windows only) Use this option to change the service user. The command supports the service user types shown:
LocalSystem
Changes the service user to NT AUTHORITY\SYSTEM.
LocalService
Changes the service user to NT AUTHORITY\LocalService.
Domain\Administrator_user
Prompts for the password of the specified administrator user and grants the required privileges to the user.
- -checkStatus
(Windows only) Use this option to verify the status of the permissions update on the image catalog.
- -cluster
(Windows only) Specifies that the operation is to be performed only on cluster-specific files.
This option skips the image catalog database if CATALOG_PERMISSIONS_UPDATED is set to TRUE in the NetBackup configuration.
- -force
(Windows only) Use this option to forcefully grant, revoke, or update permission on the image catalog or to redo the permissions update. This option may take significant time for large catalog image databases. This option cannot be used with the -skip_catalog option.
For example: If the old service user is NT AUTHORITY\LocalService and you want to change the service user back to NT AUTHORITY\LocalService use the -force to again grant or revoke access to the NetBackup services forcefully.
- -reason
(Windows only) Specifies the reason of the operation. It is stored in the audit record.
- -removeAcl
(Windows only) Revokes access to NetBackup services on the NetBackup installation directory.
- -skip_catalog
(Windows only) Specifies that the operation is not to be performed on the image catalog database.
You cannot use this option with the -catalog or the -force options.