Operational Defect Database

BugZero found this defect 564 days ago.

Veeam | kb4348

How to Change Account Used by Linux Hardened Repository

Last update date:


Affected products:

Veeam Backup & Replication

Affected releases:


Fixed releases:

No fixed releases provided.



This article documents the procedure for changing which account is used by Veeam Backup & Replication to communicate with underlying Linux Server used by a Hardened Linux Repository, including reassigning ownership of existing backup files.


When attempting to upgrade to Veeam Backup & Replication 12, the upgrade Configuration Check displays a Compatibility issue: "Insecure hardened repository configuration." The mouse-over tooltip for this issue states: Please update the account used by the following Linux servers according to the Veeam Support Knowledge Base article KB4348: <Linux Server Name>


In Veeam Backup & Replication, a Hardened Repository refers to the use of single-use credentials or immutability, or a combination of both. In Veeam Backup & Replication 11, when configuring a Hardened Repository with Immutability, it is recommended to use single-use credentials but not strictly required. Starting in Veeam Backup & Replication 12, single-use credentials will become a requirement for Hardened Repository Immutability. To allow the upgrade to Veeam Backup & Replication 12 to complete, ensure that the account assigned to the underlying Linux server associated with the Hardened Repository with Immutability is either: Single-use credentials for hardened repository (recommended)or A non-root Account or Private Key that has sudo or su elevate capabilities with Elevate account privileges automatically enabled. During the upgrade to Veeam Backup & Replication 12, the persistent non-root account will be converted to a single-use credential.   Change Account Edit the Linux Server On the SSH Connection page of the Wizard, Click Add and select "Single-use credentials for hardened repository" Click Next through the pages of the Wizard, and finally, Click Finish to save the changes.   After changing the account used with the Linux server,  the Veeam Data Movers will lose access to previously written restore points. Use the script below to reassign ownership of the backup files to the new non-root account to ensure continued access to the existing restore points.   Reassigning Ownership of Restore Points When changing the account used by Veeam Backup & Replication to connect to the Linux server, all files and folders within the repository path must have their ownership changed using the chown command. However, the files marked as immutable must first have their immutability status removed using chattr -i. Once the ownership has been changed, the immutability flag must be reapplied to those files where it was removed using chattr +i. It is critical that only the files that were immutable before the ownership change have the immutability flag reapplied. Below is an example bash script that performs these steps and tracks which files were immutable before the ownership change. This script is an example and may not function with some distributions of Linux. It should be run as root (or using sudo) to reassign ownership of the backup files in the immutable repository path. Script Syntax: ./change_backup_owner.sh <repository_path> <username> <groupname>

More Information

Veeam Backup & Replication User Guide: Hardened Repository

Additional Resources / Links


BugZero® Risk Score

What's this?

Coming soon



Learn More