Granting Permissions to Users

When you install Veeam Agent for Linux, the product program files are placed to the folders on the system volume. For full access to Veeam Agent files, super user (root) privileges are required. Rights to execute product files and run commands are also granted to users that belong to the veeam group.

The veeam group is automatically created by Veeam Agent at the process of the product installation. To let regular users work with Veeam Agent without the need to gain root privileges, you can add the necessary users to this group. Users in the veeam group will be able to execute Veeam Agent commands and perform backup and restore tasks under regular user account.

To add a user to the veeam group, in most of Linux distributions you can use the following command:

usermod -a -G veeam <username>

where:

<username> — name of the account to which you want to grant access to Veeam Agent.

For example:

root@srv01:~# usermod -a -G veeam user

 

 

Granting Permissions to Users IMPORTANT

Consider the following:

  • To add a user to the veeam group, you must have super user (root) privileges in the Linux OS.
  • After the user is added to the veeam group, the user must re-login to the Linux OS.
  • Add only trusted users to the veeam group. Veeam Agent for Linux daemon runs and executes commands and scripts with the super user privileges. Thus, users who belong to this group can potentially escalate their privileges through the creative use of pre-freeze/post-thaw or pre-job/post-job scripts.

To check whether the user who is currently logged in to the Linux OS is added to the veeam group, you can use the following command:

groups

For example:

user@srv01:~$ groups
user adm cdrom sudo dip plugdev lpadmin sambashare veeam