Description
By default, services on NetBackup clients and media servers are configured to run under a privileged account. Beginning with 10.1, NetBackup can run most of the client and media server services as non-root, which is highly encouraged.
Creating service account
For Linux and non-AIX UNIX
To create a local user account, use the following command:
# useradd <user name>
Note: Please ensure that the above user and group are used exclusively by NetBackup.
For AIX
To create a local user account, use the following command:
# mkuser groups='<group name>' <user name>
For Windows
No changes are required, as NetBackup will use a built-in Local Service account as the NetBackup service user by default.
Changing service account
To run supported services under a different service account, the nbserviceusercmd command can be run post-installation.
On Unix/Linux Systems:
1. Stop all NetBackup services: # /usr/openv/netbackup/bin/goodies/netbackup stop
2. If required, stop PBX exchange to migrate it to service user: # /opt/VRTSpbx/bin/vxpbx_exchanged stop
3. Change user from root to service user: # /usr/openv/netbackup/bin/goodies/nbserviceusercmd --changeUser
4. If step 2 was performed, start PBX exchange: # /opt/VRTSpbx/bin/vxpbx_exchanged start
5. Start all NetBackup services: # /usr/openv/netbackup/bin/goodies/netbackup start
On Windows Systems:
1. Stop all NetBackup services: <install_path>\NetBackup\bin\bpdown -v -f
2. Change user from SYSTEM/Administrator to Local Service: <install_path>\NetBackup\bin\goodies\nbserviceusercmd.exe -changeUser LocalService
3. Start all NetBackup services: <install_path>\NetBackup\bin\bpup
More information on nbserviceusercmd is available in the NetBackup Commands Reference Guide.
Additional Considerations
- A new service, nbpas (NetBackup Privileged Access Service), has been introduced.
  - This optional service supports privileged operations while other services are running in low-privileged mode using the service user.
  - If the service user is not configured in the host, this service will be stopped.
- The following version hierarchy is supported for hosts:
  - Primary_Server_Version >= Media_Version >= Client_Version
  - For selecting appropriate media during backup or restore, the available Media Version must be greater than the Client Version to proceed further.
- For security purposes, do not add the user to groups with administrator or root privileges.
- If bpcd and vnetd are running under an application account, like an Oracle Admin Account, then do not change that account to Service-User/Local-Service.
- If a previous NetBackup installation (10.2 or older) is configured with a service account and is upgraded using a native installer, configure the service account for Private Branch Exchange (PBX) as described in the Related Article (100055703).
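
The restriction on privileged group membership can be verified on Unix/Linux before nbserviceusercmd is run. The script below is an added example, not Veritas code or part of the original article; the PRIV_GROUPS list and the function names check_account and audit_user are assumptions to adapt per site.

```shell
#!/bin/sh
# Added example: pre-flight audit of a NetBackup service account.
# PRIV_GROUPS is an assumed list of root-equivalent groups (Linux and AIX
# names); extend it with any site-specific administrative groups.
PRIV_GROUPS="root wheel sudo adm disk shadow docker system security"

# check_account UID GID "GROUP LIST"
# Prints one line per finding; the return code is the number of findings.
check_account() {
    uid=$1; gid=$2; grps=$3; findings=0
    if [ "$uid" -eq 0 ]; then
        echo "FAIL: UID 0 (account is root-equivalent)"
        findings=$((findings + 1))
    fi
    if [ "$gid" -eq 0 ]; then
        echo "FAIL: primary GID 0"
        findings=$((findings + 1))
    fi
    # Compare every group the account belongs to against the privileged list.
    for g in $grps; do
        for p in $PRIV_GROUPS; do
            if [ "$g" = "$p" ]; then
                echo "FAIL: member of privileged group '$g'"
                findings=$((findings + 1))
            fi
        done
    done
    return "$findings"
}

# audit_user NAME: resolve the account with id(1), then run check_account.
audit_user() {
    if ! id "$1" >/dev/null 2>&1; then
        echo "FAIL: account '$1' does not exist"
        return 1
    fi
    check_account "$(id -u "$1")" "$(id -g "$1")" "$(id -Gn "$1")"
}

# Stand-alone use: sh audit.sh <user name>
if [ $# -gt 0 ]; then
    audit_user "$1" && echo "OK: '$1' passed the privilege checks"
fi
```

A non-zero exit status means the account should be corrected before the services are migrated to it.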