Permissions for Service Account on Linux
This section contains permissions required by Veeam Backup for Microsoft 365 for a service account that is used to run Veeam Backup for Microsoft 365 Proxy Service on a Linux-based backup proxy server. By default, Veeam Backup for Microsoft 365 creates and uses the veeam365backup service account, but you can use a service account of your own.
A service account must be added to the sudoers file to start, stop and register services.
The following are required permissions for a service account on a Linux-based backup proxy server:
|
#!/usr/bin/env bash accountName=$1 certDirectory="/etc/veeam/certs" globalConfigDirectory="/etc/veeam/backup365" logDirectory="/var/log" serviceDirectory="/opt/veeamvboproxy" echo "Define permissions" chown :$accountName /etc/shadow chmod g+rw /etc/shadow chown -R :$accountName $certDirectory chmod -R g+rw $certDirectory chown -R $accountName: $globalConfigDirectory chmod -R u+rw $globalConfigDirectory chown -R :$accountName $logDirectory chmod -R g+rw $logDirectory chown -R $accountName:$accountName $serviceDirectory chown $accountName:$accountName $serviceDirectory chmod u+rwx,g+rwx $serviceDirectory chmod -R u+rwx,g+rwx "$serviceDirectory/PSModules" chmod -R u+rwx,g+rwx "$serviceDirectory/Packages" chmod -R u+rwx,g+rw "$serviceDirectory/Xml" chmod -R u+rwx,g+rwx "$serviceDirectory/libraries" chmod -R u+rwx,g+rwx "$serviceDirectory/UpdateServices" chmod u+rwx,g+rwx "$serviceDirectory/Veeam.Archiver.Proxy" chmod u+rwx,g+rwx "$serviceDirectory/UpdateServices/Veeam.Tools.UpdateWarden" chmod u+rwx,g+rwx "$serviceDirectory/UpdateServices/Service/Veeam.Tools.UpdateWarden.Service" chmod 600 "$serviceDirectory/Proxy.ini" setcap "CAP_WAKE_ALARM+ep" "$serviceDirectory/Veeam.Archiver.Proxy" |
Related Topics