Problem
Beginning with NetBackup 8.0, the NetBackup master server includes a configured web server to support critical backup operations. This web server operates under user account elements with limited privileges. These user account elements must be available on each master server (or each node of a clustered master server).
Solution
Numerous procedures can be used to create users and groups in operating systems. Some specific approaches are listed below, but other methods may accomplish the same goal. The home directory path, user name, and group names are not hardcoded, and can be changed. The default local user name is nbwebsvc, and the default local group name is nbwebgrp. The user and group should at least have sufficient permissions to run daemons.
For more information about customizing the user and group names, please see the section Installation and upgrade requirements for UNIX and Linux in the NetBackup Installation Guide.
For security purposes, do not create web server users or groups with administrator or root privileges.
Note: If the password associated with the web server account expires after initial configuration, NetBackup provides no notification that the password has expired. This behavior is normal and expected, as the operating system manages the account and the password.
As long as the web server remains active, the account and the web server continue to operate normally.
When the web server is restarted, or if you attempt to restart the nbwmc service, the service fails to start, due to the expired password. Navigate to the appropriate area in the operating system, supply the correct password, and restart the service.
- To create the local group, enter the following:
# groupadd nbwebgrp
- To create the local user account, enter the following:
# useradd -g nbwebgrp -c 'NetBackup Web Services account' -d /usr/openv/wmc nbwebsvc
- Create local group:
# mkgroup nbwebgrp
- Create local user account:
# mkuser home='/usr/openv/wmc' groups='nbwebgrp' nbwebsvc
Note: In clustered environments, make sure local accounts are defined consistently on all cluster nodes. If you use a clustered environment on Linux or UNIX platforms, the NetBackup web service user can be a local user and the group can be a local group. The NetBackup web service user must have the same name and UID on all nodes of the cluster. Also, the group must have the same name and GID on all nodes of the cluster. It is recommended to use domain users (Example: NIS) for clustered environments.
LDAP accounts are supported and can be used on UNIX.
POSIX Shell requirements: The Web Services account must use a POSIX compliant shell.
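The checks below are an added example, not part of the original article or of NetBackup: a POSIX sh audit of the requirements stated above (non-root user and group, group membership, a POSIX shell, identical UID and GID on every cluster node). It assumes each node's passwd and group entries were saved to a per-node directory (a hypothetical layout); the UIDs, GIDs and the list of rejected shells are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd(5)/group(5) data collected per node (e.g. via getent).

# audit_websvc PASSWD_FILE GROUP_FILE [USER] [GROUP]
# Prints "uid:gid" when every check passes; otherwise reports to stderr and returns 1.
audit_websvc() {
    user=${3:-nbwebsvc}; group=${4:-nbwebgrp}; rc=0
    pw=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$1")
    gr=$(awk -F: -v g="$group" '$1 == g { print; exit }' "$2")
    if [ -z "$pw" ] || [ -z "$gr" ]; then
        echo "FAIL: $user or $group is not defined" >&2; return 1
    fi
    uid=$(printf '%s\n' "$pw" | cut -d: -f3); pgid=$(printf '%s\n' "$pw" | cut -d: -f4)
    shell=$(printf '%s\n' "$pw" | cut -d: -f7)
    gid=$(printf '%s\n' "$gr" | cut -d: -f3); members=$(printf '%s\n' "$gr" | cut -d: -f4)
    # The article forbids root privileges for the web server user and group.
    if [ "$uid" = 0 ] || [ "$gid" = 0 ]; then echo "FAIL: UID or GID is 0" >&2; rc=1; fi
    # The user must be in the group, as primary group or as a listed member.
    case ",$members," in *",$user,"*) in_group=yes ;; *) in_group=no ;; esac
    if [ "$pgid" != "$gid" ] && [ "$in_group" = no ]; then echo "FAIL: $user not in $group" >&2; rc=1; fi
    # Heuristic (assumption): these login shells are not usable POSIX shells.
    case "$shell" in
        */nologin|*/false|*/csh|*/tcsh) echo "FAIL: $shell is not a POSIX shell" >&2; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "$uid:$gid"; fi
    return "$rc"
}

# compare_nodes DIR...  Each DIR holds one node's "passwd" and "group" files.
# Prints the shared "uid:gid"; returns 1 if a node fails the audit or the IDs differ.
compare_nodes() {
    ref=
    for d in "$@"; do
        ids=$(audit_websvc "$d/passwd" "$d/group") || return 1
        if [ -z "$ref" ]; then ref=$ids; fi
        if [ "$ids" != "$ref" ]; then echo "FAIL: $d has $ids, first node has $ref" >&2; return 1; fi
    done
    echo "$ref"
}

# Constructed sample data for two cluster nodes (not taken from a real system).
tmp=$(mktemp -d); mkdir "$tmp/node1" "$tmp/node2"
echo 'nbwebsvc:x:1501:1500:NetBackup Web Services account:/usr/openv/wmc:/bin/sh' > "$tmp/node1/passwd"
echo 'nbwebgrp:x:1500:' > "$tmp/node1/group"
echo 'nbwebsvc:x:1507:1500:NetBackup Web Services account:/usr/openv/wmc:/bin/sh' > "$tmp/node2/passwd"
echo 'nbwebgrp:x:1500:' > "$tmp/node2/group"
compare_nodes "$tmp/node1" "$tmp/node1" && echo "node1: consistent"
compare_nodes "$tmp/node1" "$tmp/node2" || echo "node2: UID mismatch detected"
```

On a live node, the input files can be produced with `getent passwd nbwebsvc` and `getent group nbwebgrp`, which also covers NIS and LDAP accounts.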
1. Create a local user account:
C:\>net user nbwebsvc <StrongPassword> /add
2. Create a local group:
C:\>net localgroup nbwebgrp /add
3. Add the new user to the new group:
C:\>net localgroup nbwebgrp nbwebsvc /add
4. Grant the Log on as a service right to the user:
- Go to Control Panel > Administrative Tools > Local Security Policy
- Under Security Settings, click Local Policies and then User Rights Assignment
- Right-click on Log on as a service and select Properties
- Add the local user. The default local user name is "nbwebsvc".
- Save your changes and close the "Log on as a service" Properties dialog.