Veritas NetBackup™ Appliance Security Guide
- About the NetBackup appliance Security Guide
- User authentication
- About user authentication on the NetBackup appliance
- About configuring user authentication
- About user name and password specifications
- User authorization
- Intrusion prevention and intrusion detection systems
- Log files
- Operating system security
- Data security
- Web security
- Network security
- Call Home security
- Remote Management Module (RMM) security
- STIG and FIPS conformance
- Appendix A. Security release content
About the NetBackupCLI user role
A NetBackupCLI user can execute all NetBackup commands, view logs, edit NetBackup touch files, and edit NetBackup notify scripts. NetBackupCLI users are solely restricted to run NetBackup commands with superuser privileges and do not have access outside the scope of NetBackup software directories. Once these users log on, they are taken to a restricted shell from where they can run the NetBackup commands. The NetBackupCLI users share a home directory and do not have access to the NetBackup Appliance Web Console or the NetBackup Appliance Shell Menu.
The NetBackupCLI role can be assigned to a maximum of nine user groups at any given time. To create a local NetBackupCLI user, use the Manage > NetBackupCLI > Create command from theNetBackup Appliance Shell Menu. For more information, see the NetBackup Appliance Commands Reference Guide.
Note:
You cannot grant the NetBackupCLI role to an existing local user.
Table: Privileges and restrictions of the appliance NetBackupCLI user lists the rights and restrictions of NetBackupCLI users.
Table: Privileges and restrictions of the appliance NetBackupCLI user
Privileges | Restrictions |
---|---|
The NetBackupCLI user can use the NetBackup Appliance Shell Menu to do the following:
| The following restrictions are placed on NetBackupCLI users:
|
Use one of the following methods to run commands as a NetBackupCLI user:
Restricted shell.
Absolute path ["sudo"]. For example: bppllist or /usr/openv/netbackup/bin/admincmd/bpplist
Special directive operations can fail if the special directive files and commands are not in the correct NetBackup list or path. One example of a special directive operation is when you specify an alternate restore path.
Appliance users that need to run NetBackup commands to access special directive files as a NetBackupCLI user, must do the following to ensure successful operation:
Add the
/home/nbusers
path to the NetBackupbpcd allowed list
.Add the special directive commands to the
/home/nbusers
directory.
For details about adding entries to the NetBackup bpcd allowed list
, refer to the BPCD_WHITELIST_PATH configuration option in the following documents:
NetBackup Administrator's Guide, Volume 1
NetBackup Commands Reference Guide