Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000218459

NetWorker: NVP vProxy FLR User Account With Sudo Access is Unable to Browse /root Directory

Summary: The File Level Restore (FLR) user account can install the FLR agent and browse most directories. The user account is not able to browse the /root directory from the NetWorker Management Console (NMC) recover wizard. ...

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

  • The vProxy Admin has configured a File Level Restore (FLR) user account to have sudo access. The FLR user can install the FLR agent and browse most directories; however, they are unable to browse the /root directory from the NetWorker Management Console (NMC) recover wizard. Some customer's security policies do not allow for using "root" during FLR so they have to use a non-root sudo user account.
  • FLR fails to browse some directories on a Linux virtual machine (VM) when using a nonroot sudo user account.
  • The sudo user account has been configured as per the NetWorker VMware Integration Guide.
  • The FLR is performed from the NMC recover wizard.
  • The FLR mount succeeds using the sudo user account, but the browse operation fails on directories restricted to the root user:
Figure 1: Screenshot of an error message received when running the browse operation
Figure 1: Screenshot of an error message received when running the browse operation
  • Error message:
Error while browsing 200: Error received from vProxy: "Could not get directory contents: Unable to retrieve file list from 1XX.1XX.9.1X2 (vm-1010) path '//root offset 0. Unable to perform FLR Agent operation 'browse_files' on VM 1XX.1XX.9.1X2 (vm-1010): Cannot open '/opt/emc/vproxysra/flr/mountpoints/FLR14XXXXX636/root/root': open /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/root/root: permission denied". 
  • The vProxy's /opt/emc/vproxy/runtime/logs/vflrd/browse-*.log reports:
YYYY-MM-SSTHH:mm:SSZ ERROR:  [@(#) Build number: ##] Could not get directory contents: Unable to retrieve file list from VM_IP (VM_MOREF) path '//root' offset 0.  Unable to perform FLR Agent operation 'browse_files' on VM VM_IP (VM_MOREF):  Cannot open '/opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root': open /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root: permission denied
 

Cause

The FLR "sudo user" does not have access to the mountpoint on the target VM without elevation: 
[flradmin@lnx-client02]$ ls -l /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root
ls: cannot open directory '/opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root': Permission denied
[flradmin@lnx-client02]$

The user requires using 'sudo' to access files in the "restricted" directory:

[flradmin@lnx-client02]$ sudo ls -l /opt/emc/vproxyra/flr/mountpoints/FLR14XXXXX636/lvm03-root/root
total 8
-rw-------. 1 root root 1387 Jul  6 22:12 anaconda-ks.cfg
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Desktop
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Documents
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Downloads
-rw-r--r--. 1 root root 1833 Jul  6 22:21 initial-setup-ks.cfg
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Music
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Pictures
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Public
-r-xr-x---. 1 root root    0 Oct  3 09:13 somefile
drwxr-xr-x. 3 root root   59 Aug  7 16:12 swrepo
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Templates
drwxr-xr-x. 2 root root    6 Jul  6 22:21 Videos
[flradmin@lnx-client02 root]$

NetWorker Management Console does Not have an Elevated Privilege option for FLR sudo access user account. The user account is not able to use elevation to browse and access the files in the mountpoint.

Resolution

There are two options available:

Option 1:

When performing an FLR of files in restricted directories (for example, /root), perform the FLR from the NetWorker Web User Interface (NWUI) using the sudo user account and the "Run with elevated privileges" option."

Screenshot of NWUI using sudo account with "Elevated Privileges"
Figure 2: Screenshot of NWUI using sudo account with "Elevated Privileges"

This allows the user account to browse the contents of "restricted" directories and perform restores using the sudo user account:

Screenshot of restricted directory contents
Figure 3: Screenshot of restricted directory contents

Option 2:

  1. Initiate the FLR mount from the NetWorker Management console.
  2. Before browsing the file system, log in to the target VM as the sudo user account.3. Use the below command to identify files needed for restore under
  3. Use the below command to identify files required to be restored under 
/opt/emc/vproxyra/flr/mountpoints/
ls
  1. Use the below command to copy files from the temporary mountpoint to the target VMs file system.
sudo cp /opt/emc/vproxyra/flr/mountpoints/xxxxxxx/file_being_recovered /path/to/restore/
 

Additional Information

A Request for Enhancement (RFE) NW-I-2218 has been filed to add a "run with elevated privileges" option to the NetWorker Management Console (NMC) recover wizard. If you would like to track this RFE, contact your Dell Sales Account Representative with RFE number NW-I-2218.

Article Properties

Product

NetWorker Family

Last Published Date

27 Dec 2023

Version

6

Article Type

Solution

Back to Top