Local users created during installation

Edit online

When you install IBM Storage Protect Plus and vSnap servers, the installation procedure creates local users for managing the system.

The following local users are created at the time of installing IBM Storage Protect Plus and vSnap servers:
  • IBM Storage Protect Plus server users:
    • admin: The admin user has the same access rights as the superuser. The purpose of the admin user is to manage IBM Storage Protect Plus UI environment. The default user ID and password must be changed for the admin user.
    • serveradmin: The serveradmin user has the same access rights as the root user. The purpose of the user is to manage administration and installation activities. For example, VADP proxy in IBM Storage Protect Plus UI. You can use the serveradmin user to run commands from the command line interface.
    • Other users (virgo, postgres, rabbitmq, mongod): Each of the users has a purpose and responsible for respective services. For example, the rabbitmq user owns the file that is created by the RabbitMQ service. The same applies to other users. The users are helpful in managing access of logs and data file (for the databases). For example, if the virgo user needs to access the logs, you can add the virgo user to the appropriate group, without providing access of the logs to all the users in the system.
  • vSnap server users:
    • serveradmin: The serveradmin is a general purpose system administration for the vSnap server. You can use the serveradmin to register the vSnap server in the IBM Storage Protect Plus server.
    • nginx: The third-party nginx RPM creates the nginx user. The user account is used to run the nginx REST server. However, you can modify the configuration to run the REST server in the context of the vsnap account.
    • uwsgi: The third-party uwsgi RPM creates the uwsgi user. The uwsgi user is used to run the uwsgi services with limited privileges. The nginx and uwsgi both are the component services that run the vSnap API.
    • gluster: The glusterfs RPM creates the gluster user when it gets pulled in a transitive dependency at the time tcmu-runner installation. The tcmu-runner application runs the copy to cloud jobs.
    • vsnap: The vsnap user is created at the time of vSnap application installation. The vsnap user has the limited privileges and is used to run the external API server. The vsnap account is also used for replication data transfer. During replication, the source vSnap server connects to the target vSnap server by using the vsnap user and opens an SSH tunnel. The replication data is transferred by using that tunnel.
    • vsnaptunnel: The vsnaptunnel user is created at the time of vSnap application installation. The vsnaptunnel user has the limited privileges and is used for data transfer with external clients, such as VADP proxy or application agents. For applications that use SMB/CIFS protocol during backup and restore, the vsnaptunnel account is used to login to the SMB/CIFS share. Also, when the Transport Encryption feature is enabled, the vsnaptunnel user opens an SSH tunnel between the vSnap server and the application server, and the iSCSI data transfer occurs by using that tunnel.