Channel: Veeam Support Knowledge Base

How to Change Account Used by Linux Hardened Repository

KB ID: 4348
Product: Veeam Backup & Replication
Published: 2022-11-03
Last Modified: 2022-11-04
Prepare for Veeam Backup & Replication v12

Starting in Veeam Backup & Replication 12, the Linux Server associated with a Hardened Repository using Immutability may only be added using a non-root account.

Furthermore, if a root account is assigned to a Linux server associated with a Hardened Repository with Immutability, the upgrade to v12 will be blocked until a non-root account is assigned.

All customers using Hardened Repositories with Immutability are encouraged to review their configuration and ensure that any Linux Server associated with a Hardened Repository is configured to use a non-root account.

Purpose

This article documents the procedure for changing which account Veeam Backup & Replication uses to communicate with the underlying Linux Server used by a Hardened Linux Repository, including reassigning ownership of existing backup files.

Solution

In Veeam Backup & Replication, a Hardened Repository refers to the use of single-use credentials or immutability, or a combination of both.

In Veeam Backup & Replication 11, when configuring a Hardened Repository with Immutability, it is strongly advised to use a non-root account. Starting in Veeam Backup & Replication 12, a non-root account will be a requirement. The account must be either:

 

After changing the account used with the Linux server, the Veeam Data Movers will lose access to previously written restore points. Use the script below to reassign ownership of the backup files to the new non-root account to ensure continued access to the existing restore points.
 

Change Account

  1. Edit the Linux Server
  2. On the SSH Connection page of the Wizard, add or select the non-root credentials.
  3. Click Next through the pages of the Wizard, and finally, click Finish to save the changes.

 

Reassigning Ownership of Restore Points

When changing the account used by Veeam Backup & Replication to connect to the Linux server, all files and folders within the repository path must have their ownership changed using the chown command. However, the files marked as immutable must first have their immutability status removed using chattr -i. Once the ownership has been changed, the immutability flag must be reapplied to those files where it was removed using chattr +i. It is critical that only the files that were immutable before the ownership change have the immutability flag reapplied.

Below is an example bash script that performs these steps and tracks which files were immutable before the ownership change. This script is an example and may not function with some distributions of Linux. It should be run as root (or using sudo) to reassign ownership of the backup files in the immutable repository path.

Script Syntax: ./change_backup_owner.sh <repository_path> <username> <groupname>

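#!/bin/bash
# Usage: ./change_backup_owner.sh <repository_path> <username> <groupname>
if [[ $# -ne 3 ]]; then
    echo "Usage: $0 <repository_path> <username> <groupname>" >&2
    exit 1
fi
# Temporary list of file names; mktemp avoids a predictable file name in /tmp
auxiliaryfile=$(mktemp /tmp/veeamstoragefilenames_XXXXXX) || exit 1
# Full (.vbk) and incremental (.vib) backup files.
# The parentheses make -type f apply to both name patterns.
find "$1" \( -name "*.vbk" -o -name "*.vib" \) -type f > "$auxiliaryfile"
# Paths are quoted instead of being passed through eval, so spaces and
# shell metacharacters in file names are handled as plain text.
while IFS= read -r line;
do
    is_immutable=false
    # Long-format attribute names for this file, with the path itself stripped
    STR=$(lsattr -l "$line")
    STR=${STR#"$line"}
    SUB=' Immutable'
    SUB2=',Immutable'
    if [[ "$STR" == *"$SUB"* ]]; then
        is_immutable=true
    elif [[ "$STR" == *"$SUB2"* ]]; then
        is_immutable=true
    fi
    # Remove the immutable flag only where it was set
    if [[ $is_immutable == 'true' ]]; then
        chattr -i "$line"
    fi
    chown "$2:$3" "$line"
    # Reapply the flag only to the files that had it before
    if [[ $is_immutable == 'true' ]]; then
        chattr +i "$line"
    fi
done < "$auxiliaryfile"
# Metadata (.vbm) files: ownership is changed without touching the immutable flag
find "$1" -name "*.vbm" -type f > "$auxiliaryfile"
while IFS= read -r line;
do
    chown "$2:$3" "$line"
done < "$auxiliaryfile"
# Everything else under the repository path
chown -R "$2:$3" "$1" 2>/dev/null
rm -f -- "$auxiliaryfile"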
Example:
Change Ownership
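
A check to run around the ownership change, as an added example that is not part of the Veeam article or its script: it snapshots which backup files are immutable so the before and after sets can be compared, and lists anything still owned by another account. The function names, the snapshot files and the sample lsattr lines are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not Veeam's script: check that the same files are immutable
# before and after the ownership change, and that ownership really changed.

# Read lsattr output on stdin (flag string, then path); print the sorted
# paths whose flag string contains "i" (immutable).
immutable_paths() {
    while read -r flags path; do
        case $flags in *i*) printf '%s\n' "$path" ;; esac
    done | LC_ALL=C sort
}

# Snapshot the immutable .vbk/.vib files under repository path $1.
snapshot_repo() {
    find "$1" -type f \( -name '*.vbk' -o -name '*.vib' \) \
        -exec lsattr {} + 2>/dev/null | immutable_paths
}

# Compare snapshot files $1 (before) and $2 (after): "- path" lost the flag,
# "+ path" gained it. Returns 0 only when the two sets are identical.
diff_snapshots() {
    lost=$(LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /')
    gained=$(LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /')
    changes=$(printf '%s\n%s' "$lost" "$gained" | sed '/^$/d')
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# List anything under $1 that is not owned by user $2 and group $3.
wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Demonstration on constructed lsattr output (paths are made up): the "after"
# snapshot is empty, as if the flag had not been reapplied.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '----i---------e------- /backups/Job A/full.vbk' \
        '--------------e------- /backups/Job A/incr.vib' |
        immutable_paths > "$d/before"
    : > "$d/after"
    diff_snapshots "$d/before" "$d/after"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "immutable set changed"
```

On a real repository, run `snapshot_repo <repository_path> > before.txt` as root before the ownership script and `snapshot_repo <repository_path> > after.txt` afterwards, then `diff_snapshots before.txt after.txt` and `wrong_owner <repository_path> <username> <groupname>`; both should print nothing.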