default execute directory /tmp for Linux servers

[Peejay62]

probably I will create a supportcase on this matter but in advance, I noticed that when adding a Linux server to the managed servers view some kind of agent or software is started from /tmp on that server. Is there a possibility to have that changed to another path?
Because of implementing various hardening rules, of which one is put "noexec" on the /tmp fs, adding a linux server fails, at least it cannot get all the info of the Linux server. Anybody ran into this and had it solved?
btw, It is a good thing to put noexec on /tmp, intruders like to make use of /tmp to have unwanted things running.

thanks, Peter

[tsightler]

Hi Peter. Yes, it is possible to change this behavior via LinAgentFolder registry key. The key should be placed in HKLM\Software\Veeam\Veeam Backup and Replication registry branch.

Note that if you set this key all communications with Linux servers will attempt to use this folder. This can lead to some strange errors messages if the folder doesn't exist, for example, if you forget to create it on a host. I provision my systems with a veeam_svcs account which has permissions to /opt/veeam (which it uses as the home folder for the service account) and I also restrict operations of sudo to that folder (and in some cases specific commands in that folder).

[Peejay62]

Hi Tom,

thanks, it works.

[Thomas_Lee]

Hi , i would like to change the default execute directory /tmp for Linux Servers to /opt/veeam. How do i go about doing this? I came across an article however i would like to enquire the details in creating the LinAgent Folder registry key(Details that are needed to be set etc). Thanks.

vmware-vsphere-f24/default-execute-dire ... 65091.html

[nikolaj]

Hi Thomas,

I moved your topic here since it covers the same subject.
The registry key should be a standard String value (REG_SZ) with the appropriate path specified in the Value data form. You should create it in the HKEY_LOCAL_MACHINE\Software\Veeam\Veeam Backup and Replication registry branch.

Let us know if you need more info on the matter.

Thanks!

[Thomas_Lee]

Hi Nikolaj,

Thanks and appreciate the prompt reply, will do so as advice. Have a great day.

[Peejay62]

I have changed the LinAgentFolder to /var/opt/veeam a long time ago and worked with that. When I now add or rescan a linux server (virtual) to the managed server tree, I observe that Veeam tries to use /opt/veeam (/var is gone..). Have there been any changes (after upgrading to V11) ? Imo it ignores the LinAgentFolder setting. At least, for installing the transport service it uses /opt/veeam to create an upload folder. This again results in errors adding the managed server as there is no access to /opt/veeam. Any idea?

thanks, Peter

[mweissen13]

Hello Peter!
We are facing the same issue. We changed the LinAgentFolder to /opt/VeeamBackup/veeam-cc long ago. But the current version seems to ignore this setting and always tries to install the Transport Service under /opt/veeam, which fails.
Seems to be a bug, at least in the current Version P20210525.
Have you opened a support ticket?

[Peejay62]

Hello Michael,

no I haven't opened a support ticket (yet). I think I will. So you see the same issue, and indeed same as you the transport installation fails which one only observes happening when rescanning/re-editing a linux machine. In my console the linux machines look good within the infrastructure but the transport is missing and I guess this is causing some strange errors for those linux machines as desired transport mechanism is missing.

[soncscy]

As far as I know, Veeam changed how the handling of linux servers goes; previously it loaded the components at the runtime which is what the referenced registry value controlled -- where the temporary components were loaded and executed from.

v11 has a service now, so I wouldn't expect that the service be deployed in the same location or be influenced in the same way.

[Peejay62]

opened a case. Case #05007905. Wait to see what it will bring up.

[mweissen13]

we have case #02362269 open. although we initially started with another problem (which is still unsolved) we stumbled upon this problem and maybe they are related

[mweissen13]

As far as I know, Veeam changed how the handling of linux servers goes; previously it loaded the components at the runtime which is what the referenced registry value controlled -- where the temporary components were loaded and executed from.

v11 has a service now, so I wouldn't expect that the service be deployed in the same location or be influenced in the same way.

Well I have other V11 servers where this setting is still honored and working correctly. As long as i don't want to change the server's configuration which then tries to install the Transport service, which fails.