Beginning with NetBackup 8.0, the NetBackup master server includes a configured web server to support critical backup operations. This web server operates under user account elements with limited privileges. These user account elements must be available on each master server (or each node of a clustered master server).
Numerous procedures can be used to create users and groups in operating systems. Some specific approaches are listed below, but other methods may accomplish the same goal. The home directory path, user name, and group names are not hardcoded, and can be changed. The default local user name is nbwebsvc, and the default local group name is nbwebgrp. The user and group should at least have sufficient permissions to run daemons.
For more information about customizing the user and group names, please see the section Installation and upgrade requirements for UNIX and Linux in the NetBackup Installation Guide.
For security purposes, do not create web server users or groups with administrator or root privileges.
Note: If the password associated with the web server account expires after initial configuration, NetBackup provides no notification the password has expired. This behavior is normal and expected, as the operating system manages the account and the password.
As long as the web server remains active, the account and the web server continue to operate normally.
When the web server is restarted, or if you attempt to restart the nbwmc service, the service fails to start, due to the expired password. Navigate to the appropriate area in the operating system, supply the correct password, and restart the service.
Note: In clustered environments, make sure local accounts are defined consistently on all cluster nodes. If you use a clustered environment on Linux or UNIX platforms, the NetBackup web service user can be a local user and the group can be a local group. The NetBackup web service user must have the same name and UID on all nodes of the cluster. Also, the group must have the same name and GID on all nodes of the cluster. It is recommended to use domain users (Example: NIS) for clustered environments.
LDAP accounts are supported and can be used on UNIX.
POSIX Shell requirements: The Web Services account must use a POSIX compliant shell.
Note: If your master is clustered, then you must use a domain account. Domain account can be used in non-clustered environments.
Note: User names on Windows systems must be 20 characters or less. Make sure that the password for the web user is set to never expire.