Veritas NetBackup™ Getting Started Guide

Last Published:
Product(s): NetBackup (8.2, 8.1.2)

NetBackup master server web server user and group creation

Beginning with NetBackup 8.0, the NetBackup master server includes a configured web server to support critical backup operations. This web server operates under user account elements with limited privileges. These user account elements must be available on each master server (or each node of a clustered master server).

Note:

For security purposes, do not create web server users or groups with administrator or superuser privileges.

You can use numerous procedures to create users and groups in operating systems. Some specific approaches are shown, but other methods may accomplish the same goal. The home directory path, user name, and group names are not hard-coded, and can be changed. The default local user name is nbwebsvc, and the default local group name is nbwebgrp. The user and group must have sufficient permissions to run daemons.

More information about this topic is available.

See Installation and upgrade requirements for UNIX and Linux.

Please be aware of the operating system-specific account and group requirements:

  • In UNIX and Linux clustered environments, make sure that the local accounts are defined consistently on all cluster nodes. The UID must be the same for each local account. You can use LDAP accounts on UNIX.

  • For Windows clustered master servers, you must use a domain account. You can use a domain account for non-clustered environments, but it is not required.

  • For Windows clustered master servers, you must use a domain group.

The NetBackup Master Server installation fails if any of these requirements are not met. On Windows, you are asked to provide the password for the user account as part of the installation process.

Note:

If the password associated with the web server account expires after initial configuration, NetBackup provides no notification the password has expired. This behavior is normal and expected, as the operating system manages the account and the password.

As long as the web server remains active, the account and the web server continue to operate normally.

When the web server is restarted, or if you attempt to restart the nbwmc service, the service fails to start, due to the expired password. Navigate to the appropriate area in the operating system, supply the correct password, and restart the service.

More information about the web services account and group is available. See the Veritas NetBackup Security and Encryption Guide and the section on the web services account.

To create the local user account and the local group:

  1. Create a local group.
    • Linux and UNIX: # groupadd nbwebgrp

    • Windows: C:\>net localgroup nbwebgrp /add

  2. Create a local user.
    • Linux and UNIX:# useradd -g nbwebgrp -c 'NetBackup Web Services account' -d /usr/openv/wmc nbwebsvc

    • Windows: C:\>net user nbwebsvc strong_password /add

  3. (Conditional) For Windows only, make the user a member of the group:

    C:\>net localgroup nbwebgrp nbwebsvc /add

  4. (Conditional) For Windows only, grant the Log on as a service right to the user:
    • Go to Control Panel > Administrative Tools > Local Security Policy.

    • Under Security Settings, click Local Policies > User Rights Assignment.

    • Right-click on Log on as a service and select Properties

    • Add the local user. The default local user name is nbwebsvc.

    • Save your changes and close the Properties dialog for Log on as a service.