Changing the service user after installation or upgrade
After NetBackup is installed, you create MSDP storage server. If NetBackup is configured to run with the non-root service user before MSDP storage server is created, MSDP can also be run with the service user automatically.
If MSDP services are not running as the service user, you can manually change the service user by using the msdpserviceusercmd command.
Following are the prerequisites to run MSDP with the non-root service user:
Check if NetBackup services can be run with the non-root user. If NetBackup services cannot be run with the non-root user, change the NetBackup service user account. For more information, see the NetBackup Security and Encryption Guide.
On the NetBackup BYO, run the following command to check the maximum number of files that service user can open:
ulimit -Hn
Set the limit to 1048576 in
/etc/security/limits.conffile.
To change the MSDP service user on NetBackup BYO
- Stop the following services:
systemctl stop crond.service
/usr/openv/netbackup/bin/bp.kill_all
/opt/VRTSpbx/bin/vxpbx_exchanged stop
- Run the following command to change the MSDP service user.
/usr/openv/pdde/pdconfigure/scripts/support/msdpserviceusercmd
- Start the following services:
/opt/VRTSpbx/bin/vxpbx_exchanged start
/usr/openv/netbackup/bin/bp.start_all
systemctl start crond.service
To change the MSDP service user on the media server on Flex Appliance
- Stop the following services:
/opt/veritas/vxapp-manage/health disable
systemctl stop crond.service
/opt/veritas/vxapp-manage/stop
- Run the following command to change the MSDP service user.
/usr/openv/pdde/pdconfigure/scripts/support/msdpserviceusercmd
- Start the following services:
/opt/veritas/vxapp-manage/start
systemctl start crond.service
/opt/veritas/vxapp-manage/health enable
To change the MSDP service user on NetBackup Appliance
- Stop the crond service from the NetBackup Appliance shell menu.
Main_Menu > Support > Service Stop crond
For the usage of NetBackup Appliance Shell Menu, see the NetBackup Appliance Commands Reference Guide.
- Stop the NetBackup processes from the NetBackup Appliance shell menu.
Main_Menu > Support > Processes > NetBackup Stop
- Run the following command from the NetBackup CLI to change the MSDP service user.
nbucliuser-!> msdpserviceusercmd
For the usage of NetBackup CLI, see About the NetBackupCLI user role topic of the NetBackup Appliance Security Guide.
- Start NetBackup processes from the NetBackup Appliance shell menu.
Main_Menu > Support > Processes > NetBackup Start
- Start the crond service from the NetBackup Appliance shell menu.
Main_Menu > Support > Service Restart crond
Note:
MSDP service user is same as NetBackup service user.
msdpserviceusercmd can take long time depending on the MSDP storage data size. If you think that the command may be interrupted (for example, you turn off the laptop), run msdpserviceusercmd command in the background using Linux command nohup.
If msdpserviceusercmd is interrupted, MSDP service fails to start. In that case, run the command again to restart the process to change the service user.
When you add an additional MSDP storage volume using the command crcontrol --dsaddpartition [volume path], ensure that the MSDP service user has the read and write permissions on the new storage volume path.
The services spad, spoold, ocsd, and s3srv are the MSDP services that run with the service user. MSDP web service spws always runs with the spws user.