NetBackup™ Installation Guide
- Preparing for installation
- General installation information
- How to install NetBackup
- About storage device configuration
- Installation operational notes and limitations
- SORT information
- Veritas NetInsights Console information
- General installation information
- NetBackup licenses
- Installing server software on UNIX systems
- Installation requirements for UNIX and Linux
- Installing NetBackup primary server software on Linux
- Installing NetBackup media server software on Linux
- About pushing client software from a primary server to clients
- Installation requirements for UNIX and Linux
- Installing server software on Windows systems
- About the administrative interfaces
- Installing NetBackup client software
- About NetBackup client installation on Windows
- About NetBackup client installation on UNIX and Linux
- Configuring NetBackup
- Removing NetBackup server and client software
- Reference
NetBackup primary server web server user and group creation
Beginning with NetBackup 8.0, the NetBackup primary server includes a configured web server to support critical backup operations. This web server operates under user account elements with limited privileges. These user account elements must be available on each primary server (or each node of a clustered primary server).
Note:
For security purposes, do not create web server users or groups with administrator or superuser privileges.
You can use numerous procedures to create users and groups in operating systems. Some specific approaches are shown, but other methods may accomplish the same goal. The home directory path, user name, and group names are not hard-coded, and can be changed. The default local user name is nbwebsvc
, and the default local group name is nbwebgrp
. The user and group must have sufficient permissions to run daemons.
More information about this topic is available.
See Installation requirements for UNIX and Linux.
Please be aware of the operating system-specific account and group requirements:
In Linux clustered environments, make sure that the local accounts are defined consistently on all cluster nodes. The UID must be the same for each local account. You can use LDAP accounts on UNIX.
For Windows clustered primary servers, you must use a domain account. You can use a domain account for non-clustered environments, but it is not required.
For Windows clustered primary servers, you must use a domain group.
The NetBackup primary server installation fails if any of these requirements are not met. On Windows, you are asked to provide the password for the user account as part of the installation process.
Note:
If the password associated with the web server account expires after initial configuration, NetBackup provides no notification the password has expired. This behavior is normal and expected, as the operating system manages the account and the password.
As long as the web server remains active, the account and the web server continue to operate normally.
When the web server is restarted, or if you attempt to restart the nbwmc service, the service fails to start, due to the expired password. Navigate to the appropriate area in the operating system, supply the correct password, and restart the service.
More information about the web services account and group is available. See the NetBackup Security and Encryption Guide and the section on the web services account.
To create the local user account and the local group:
- Create a local group.
Linux:# groupadd nbwebgrp
Windows: C:\>net localgroup nbwebgrp /add
- Create a local user.
Linux: # useradd -g nbwebgrp -c 'NetBackup Web Services account' -d /usr/openv/wmc nbwebsvc
Windows: C:\>net user nbwebsvc strong_password /add
- (Conditional) For Windows only, make the user a member of the group:
C:\>net localgroup nbwebgrp nbwebsvc /add
- (Conditional) For Windows only, grant the Log on as a service right to the user:
Go to Control Panel > Administrative Tools > Local Security Policy.
Under Security Settings, click Local Policies > User Rights Assignment.
Right-click on Log on as a service and select Properties
Add the local user. The default local user name is
nbwebsvc
.Save your changes and close the Properties dialog for Log on as a service.