Granting Permissions to Users
When you install Veeam Plug-in for IBM Db2, full access rights to the plug-in configuration file are automatically granted to all users. To protect sensitive information that is stored in the Veeam Plug-in configuration file (veeam_config.xml) from unwanted access, we recommend limiting access to the Veeam Plug-in configuration file to a dedicated group of users.
Before You Begin
Before you create a user group that will have access to the plug-in configuration file, consider the following:
- To perform this procedure, your OS user account must have root privileges.
- After a user is added to the group, the user must log out, then log in to the Linux OS again to activate the group permissions.
- Add only trusted users to the group.
Granting Permissions to the Plug-In Configuration File
By default, the Veeam Plug-in configuration file (veeam_config.xml) is located in the /opt/veeam/VeeamPluginforDB2 directory on the machine where Veeam Plug-in is installed. To grant access to the configuration file to a dedicated group of users, do the following:
- Create a new user group by running the following command:
sudo groupadd <groupName> |
where <groupName> is the name of the created group.
- Add a user to the group with the following command:
sudo usermod -a -G <groupName> <userName> |
where:
- <groupName> — the name of the created group.
- <userName> — the name of the account that will be granted access to the configuration file.
- Change the ownership of the configuration file to enable users from the dedicated group to access the configuration file. To do this, run the following command:
sudo chgrp <groupName> /opt/veeam/VeeamPluginforDB2/veeam_config.xml |
where <groupName> is the name of the created group.
- Limit the permissions for the configuration file to allow the read-write access only to the members of the group. To do this, use the following command:
sudo chmod 660 /opt/veeam/VeeamPluginforDB2/veeam_config.xml |