Important considerations for using a service user account
Review the following to run NetBackup services with the service user account.
Do not use the service user account to perform any NetBackup operations. The service user account is intended only to run NetBackup services.
It is recommended that the primary group of the service user must only be for the service user.
It is not recommended to use the root user as the service user.
The nbwebsvc user should not be used as the service user.
nbwebgrp must be a secondary group of the service user.
Number of processes that can be run with the service user must be same as the processes that run with the root user.
Use ulimit -u to find the maximum number of user processes that can run with the service user.
Number of files that can be opened with the service user must be same as the files that are opened with the root user.
Use the ulimit -Hn command to view the maximum number of files that can be open with the service user.
Using a service user account other than the root user account involves a one-time conversion that may significantly increase the upgrade time based on your catalog size.
Other than the installation directory, all external paths must be accessible by the service user.
See Giving access permissions to service user account on external paths.
Environment variable paths must be accessible by the service user.
The service user must have access to the OS temporary directory that is usually /tmp or /var/tmp. This may be dictated by P_tmpdir macro.
Service user account can be a password-less account.
If a service user is configured, legacy log files (/user/openv/netbackup/logs on UNIX or C:\Program Files\Veritas\NetBackup\logs on Windows) have a prefix as SERVICE_USER.
For example: SERVICE_USER.040921_00001.log
The service user name must contain less than 32 characters and must have English characters only.
If the bpcd and vnetd processes run under an application account such as Oracle Admin, you must not change that account to the service user account.