Hardened repo access after upgrading to v12

When setting up the VHR, the ‘general user’, not root/admin, is the account which should have permissions on everything. Let me look at the permissions (user/group) on my folder structure and let you know what I find….

Yes, repouser is not on the list of sudoers.  It’s only the admin account.  So the proper way to do this is to add repouser to the sudoers, and then once all is connected and working again, remove from sudoers?

Good thread here. I figured this would happen with the VHR on upgrades.

Thanks all, especially @regnor and @coolsport00 on this.  I added repouser to the sudoers, go things reconnected and removed it, and all is looking good.  Appreciate the quick help!

I’m glad that it worked @dloseke! We have some great information on the hardened repository in the community, if you want to learn more about it (like the series from @vNote42) . And this article from @WorkingHardInIT has everything you need to know from Linux/Ubuntu to Veeam: https://www.starwindsoftware.com/blog/veeam-hardened-linux-repository-part-1

Hey @dloseke ...I’m following up on this as I’m now beginning my VBR upgrade. I have 2 servers - main/prod one for backups and a DR one or replication. I upgraded my repl VBR server last wk without hitch. I’m just getting ready to start the upgrade of my main VBR server today, which has a hardened repo attached to it. So, all which was needed was to re-add the local linux user to sudo to be able to finalize the upgrade of the repo component piece, correct?

Thanks!

Hi @Mildur - thanks for the updated info. Though I reviewed info about the ugprade, I pretty much had it all, but there was 1 item I forgot to do before I started the repo upgrade → enable SSH. Oops! 😊 Once I enabled it, I reperformed the upgrade attempt & it went without a hitch. I did re-disable SSH as well as removed my user from sudo after I completed it. Appreciate the detailed response. Hope you’ve had a good weekend...and thanks again.

Yes, was just going to say that one of my takeaways from VeeamON was that with v12 and beyond, SSH no longer needs to be re-enabled for updates.  Way to go Veeam!  

So I just upgraded to V12 and of course my Linux repo required updating.

My linux repo has two users, the admin (root) account, and veeamrepo for repository access.

Instead of adding the veeamrepo user with repository permissions to the sudo users group and then upgrading the Linux repo to V12, I stupidly used the other admin (root) account to perform the SSL  upgrade.

The upgrade worked fine, but now it seems B&R is using the other admin (root) account to access the linux repositories instead of the veeamrepo account with the correct CHMOD & CHOWN permissions on the directories.

Is there any way to change the repository account in B&R back to the veeamrepo one, or do I need to change the directory permissions on the linux repo to match the admin (root) account?

Doing so would require me to enable sudo on the veeamrepo account and disable it on the admin(root) account I believe.

Thoughts?

• Doug

The admin/root account shouldn’t even have had permissions on the folder/files...yes, even for being root.

I’ve opened  support ticket on this. Looking forward to seeing what they say.

Hmm..odd. I’d be curious to hear what Support says. Keep us posted @PDXdoug