The veeam group is automatically created by Veeam Agent for Linux at the process of the product installation. To let regular users work with Veeam Agent for Linux without the need to gain root privileges, you can add the necessary users to this group. Users in the veeam group will be able to execute Veeam Agent for Linux commands and perform backup and restore tasks under regular user account.
2 questions:
1) We carefully curate local groups for compliance purposes: is there a way to suppress the creation of this group on RHEL7 rpm installation?
2) If I manually delete this group from /etc/groups, and instead serve a group name called "veeam" from our Active Directory integration via SSSD, will that be sufficient? Can I pick which group name represents this privilege?
1) No, there is not such way yet. I've logged that as an improvement request already.
2) Although you can serve the group from AD, if there is no 'veeam' group in /etc/groups, the service will fail to start. That is also taken into account for future versions
2) Although you can server the group from AD, if there is no 'veeam' group in /etc/groups, the service will fail to start. That is also taken into account for future versions
So I can have an empty "veeam" group in /etc/group, with membership of a different "veeam" group provided for example by SSSD, and it should be sufficient? I am asking if it will be enumerated by name or by GID, and whether it will be enumerated specifically out of /etc/group list of members or by a generic "getent" style function call.