NetWorker: NVP vProxy FLR User Account With Sudo Access is Unable to Browse /root Directory

Shrnutí: The File Level Restore (FLR) user account can install the FLR agent and browse most directories. The user account is not able to browse the /root directory from the NetWorker Management Console (NMC) recover wizard. ...

Tento článek se vztahuje na Tento článek se nevztahuje na Tento článek není vázán na žádný konkrétní produkt. V tomto článku nejsou uvedeny všechny verze produktu.
Podívejte se na další zdroje

Příznaky

  • The vProxy Admin has configured a File Level Restore (FLR) user account to have sudo access. The FLR user can install the FLR agent and browse most directories; however, they are unable to browse the /root directory from the NetWorker Management Console (NMC) recover wizard. Some customer's security policies do not allow for using "root" during FLR so they have to use a non-root sudo user account.
  • FLR fails to browse some directories on a Linux virtual machine (VM) when using a nonroot sudo user account.
  • The sudo user account has been configured as per the NetWorker VMware Integration Guide.
  • The FLR is performed from the NMC recover wizard.
  • The FLR mount succeeds using the sudo user account, but the browse operation fails on directories restricted to the root user:
Figure 1: Screenshot of an error message received when running the browse operation
Figure 1: Screenshot of an error message received when running the browse operation
  • Error message:
Error while browsing 200: Error received from vProxy: "Could not get directory contents: Unable to retrieve file list from 1XX.1XX.9.1X2 (vm-1010) path '//root offset 0. Unable to perform FLR Agent operation 'browse_files' on VM 1XX.1XX.9.1X2 (vm-1010): Cannot open '/opt/emc/vproxysra/flr/mountpoints/FLR14XXXXX636/root/root': open /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/root/root: permission denied". 
  • The vProxy's /opt/emc/vproxy/runtime/logs/vflrd/browse-*.log reports:
YYYY-MM-SSTHH:mm:SSZ ERROR:  [@(#) Build number: ##] Could not get directory contents: Unable to retrieve file list from VM_IP (VM_MOREF) path '//root' offset 0.  Unable to perform FLR Agent operation 'browse_files' on VM VM_IP (VM_MOREF):  Cannot open '/opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root': open /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root: permission denied
 

Příčina

The FLR "sudo user" does not have access to the mountpoint on the target VM without elevation: 
[flradmin@lnx-client02]$ ls -l /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root
ls: cannot open directory '/opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root': Permission denied
[flradmin@lnx-client02]$

The user requires using 'sudo' to access files in the "restricted" directory:

[flradmin@lnx-client02]$ sudo ls -l /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root
total 8
-rw-------. 1 root root 1387 Jul  6 22:12 anaconda-ks.cfg
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Desktop
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Documents
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Downloads
-rw-r--r--. 1 root root 1833 Jul  6 22:21 initial-setup-ks.cfg
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Music
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Pictures
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Public
-r-xr-x---. 1 root root    0 Oct  3 09:13 somefile
drwxr-xr-x. 3 root root   59 Aug  7 16:12 swrepo
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Templates
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Videos
[flradmin@lnx-client02 root]$

NetWorker Management Console does Not have an Elevated Privilege option for FLR sudo access user account. The user account is not able to use elevation to browse and access the files in the mountpoint.

Řešení

There are two options available:

Option 1:

When performing an FLR of files in restricted directories (for example, /root), perform the FLR from the NetWorker Web User Interface (NWUI) using the sudo user account and the "Run with elevated privileges" option."

Screenshot of NWUI using sudo account with "Elevated Privileges"
Figure 2: Screenshot of NWUI using sudo account with "Elevated Privileges"

This allows the user account to browse the contents of "restricted" directories and perform restores using the sudo user account:

Screenshot of restricted directory contents
Figure 3: Screenshot of restricted directory contents

Option 2:

  1. Initiate the FLR mount from the NetWorker Management console.
  2. Before browsing the file system, log in to the target VM as the sudo user account.3. Use the below command to identify files needed for restore under
  3. Use the below command to identify files required to be restored under 
/opt/emc/vproxyra/flr/mountpoints/
ls
  1. Use the below command to copy files from the temporary mountpoint to the target VMs file system.
sudo cp /opt/emc/vproxyra/flr/mountpoints/xxxxxxx/file_being_recovered /path/to/restore/
 

Další informace

A Request for Enhancement (RFE) NW-I-2218 has been filed to add a "run with elevated privileges" option to the NetWorker Management Console (NMC) recover wizard. If you would like to track this RFE, contact your Dell Sales Account Representative with RFE number NW-I-2218.

Produkty

NetWorker Family
Vlastnosti článku
Číslo článku: 000218459
Typ článku: Solution
Poslední úprava: 23 Oct 2024
Verze:  7
Najděte odpovědi na své otázky od ostatních uživatelů společnosti Dell
Služby podpory
Zkontrolujte, zda se na vaše zařízení vztahují služby podpory.