Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Running NetBackup services with non-privileged user (service user) account
  4. About a NetBackup service user account
  5. Important considerations for using a service user account
NetBackup™ Security and Encryption Guide

Important considerations for using a service user account

Review the following to run NetBackup services with the service user account.

  • Do not use the service user account to perform any NetBackup operations. The service user account is intended only to run NetBackup services.

  • It is recommended that the primary group of the service user must only be for the service user.

  • It is not recommended to use the root user as the service user.

  • The nbwebsvc user should not be used as the service user.

  • nbwebgrp must be a secondary group of the service user.

  • Number of processes that can be run with the service user must be same as the processes that run with the root user.

    Use ulimit -u to find the maximum number of user processes that can run with the service user.

  • Number of files that can be opened with the service user must be same as the files that are opened with the root user.

    Use the ulimit -Hn command to view the maximum number of files that can be open with the service user.

  • Using a service user account other than the root user account involves a one-time conversion that may significantly increase the upgrade time based on your catalog size.

  • Other than the installation directory, all external paths must be accessible by the service user.

    See Giving access permissions to service user account on external paths.

  • Environment variable paths must be accessible by the service user.

  • The service user must have access to the OS temporary directory that is usually /tmp or /var/tmp. This may be dictated by P_tmpdir macro.

  • Service user account can be a password-less account.

  • If a service user is configured, legacy log files (/user/openv/netbackup/logs on UNIX or C:\Program Files\Veritas\NetBackup\logs on Windows) have a prefix as SERVICE_USER.

    For example: SERVICE_USER.040921_00001.log

  • The service user name must contain less than 32 characters and must have English characters only.

  • If the bpcd and vnetd processes run under an application account such as Oracle Admin, you must not change that account to the service user account.

Feedback

Was this page helpful?
Previous

About a NetBackup service user account

Next

Configuring a service user account

Feedback

Was this page helpful?