Granting Permissions to Users

When you install Veeam Plug-in for IBM Db2, full access rights to the plug-in configuration file are automatically granted to all users. To protect sensitive information that is stored in the configuration file from unwanted access, we recommend limiting access to the configuration file to a dedicated group of users.

Before You Begin

Before you create a user group that will have access to the plug-in configuration file, consider the following:

  • To perform this procedure, your OS user account must have root privileges.
  • After a user is added to the group, the user must log out, then log in to the Linux OS again to activate the group permissions.
  • Add only trusted users to the group.

Granting Permissions to the Plug-In Configuration File

By default, the veeam_config.xml configuration file is located in the /opt/veeam/VeeamPluginforDB2 directory. To grant access to the configuration file to a dedicated group of users, do the following:

  1. Create a new user group by running the following command:

sudo groupadd <groupName>

where <groupName> is the name of the created group.

  1. Add a user to the group with the following command:

sudo usermod -a -G <groupName> <userName>

where:

  • <groupName> — the name of the created group.
  • <userName> — the name of the account that will be granted access to the configuration file.
  1. Change the ownership of the configuration file to enable users from the dedicated group to access the configuration file. To do this, run the following command:

sudo chgrp <groupName> /opt/veeam/VeeamPluginforDB2/veeam_config.xml

where <groupName> is the name of the created group.

  1. Limit the permissions for the configuration file to allow the read-write access only to the members of the group. To do this, use the following command:

sudo chmod 660 /opt/veeam/VeeamPluginforDB2/veeam_config.xml