Required Permissions for Linux Recovery Server

Product version: 9.0

Last modified: 10 October 2023

Problem

The NAKIVO Backup & Replication recovery service fails to run on the Linux VM that is selected as the recovery server.

Background

On Linux, the NAKIVO Backup & Replication recovery service needs special permissions to run. However, such permissions are not configured by the default NAKIVO Backup & Replication installation due to security considerations.

Important

Note that the Secure Scan feature is not supported for the encrypted bhsvc files. When testing the connection the following error message appears: "Insufficient permissions on the Scan Server."

Solution

On the source server chosen for recovery, create a rule file for the Transporter server in /etc/pam.d/ by following the steps below:

1. Launch the vi editor and create a new bhsvc file:
   

   vi /etc/pam.d/bhsvc

Note
The /etc/pam.d/bhsvc file is required for:

• Ubuntu (for Amazon instances only)

• SUSE Linux Enterprise Server (for VMs on all hypervisors)

• Red Hat Enterprise Linux (for VMs on all hypervisors)

2. Edit the content of the bhsvc file to have its content as follows:
   

   auth required pam_unix.so nullok
   auth required pam_nologin.so
   account required pam_unix.so
   session required pam_selinux.so close
   session required pam_loginuid.so

3. Save the bhsvc file and close the vi editor:

   1. Press the Esc button to switch the vi editor to the Normal mode.

   2. Enter the ":" symbol to switch to the Command-line mode.

   3. In the Command-line mode, enter the "x" symbol and then press Enter.

4. Provide the necessary permissions for the bhsvc file:
   

   chmod 644 /etc/pam.d/bhsvc