Privileges For Remote Connection In Linux - ACRONIS Backup & Recovery 10 Advanced Server User Manual

2.13.7.3 Privileges for remote connection in Windows
To establish a remote connection to a machine running Windows, the user must be a member of the
Acronis Remote Users security group on that machine.
After remote connection is established, the user has management rights on the remote machine as
described in User rights on a managed machine (p. 30).
Note: On a remote machine running Windows Vista with enabled User Account Control (UAC)—and which is not
part of a domain—only the built-in Administrator user can back up data and perform disk management
operations. To overcome the restriction, include the machine into a domain or disable UAC on the machine (by
default, UAC is enabled). The same applies to machines running Windows Server 2008 and Windows 7.
For information about Acronis security groups and their default members, see Acronis security
groups (p. 76).
2.13.7.4

Privileges for remote connection in Linux

Remote connections to a machine running Linux—including those performed by the root user—are
established according to authentication policies, which are set up by using Pluggable Authentication
Modules for Linux, known as Linux-PAM.
For the authentication policies to work, we recommend installing the latest version of Linux-PAM for
your Linux distribution. The latest stable source code of Linux-PAM is available at Linux-PAM source
code Web page.
Remote connection as the root user
Remote connections by the root user are established according to the Acronisagent authentication
policy, which is automatically set up during the installation of Acronis Backup & Recovery 10 Agent
for Linux, by creating the file /etc/pam.d/Acronisagent with the following content:
#%PAM-1.0
auth required
auth required
account required
Remote connection as a non-root user
Since accessing the system as the root user should be restricted, the root user can create an
authentication policy to enable remote management under non-root credentials.
The following are two examples of such policies.
Note: As a result, the specified non-root users will be able to connect to the machine remotely as if they were
root users. A security best practice is to make sure that the user accounts are hard to compromise—for
example, by requiring that they have strong passwords.
Example 1
This authentication policy uses the pam_succeed_if module and works with Linux distributions with
kernel version 2.6 or later. For an authentication policy which works with kernel version 2.4, see the
next example.
Perform the following steps as the root user:
1. Create the Acronis_Trusted group account, by running the following command:
groupadd Acronis_Trusted
Copyright © Acronis, Inc., 2000-2010
pam_unix.so
pam_rootok.so
pam_unix.so
75