If you want to be able to backup all file data on the client, looking at:

Windows

• Install the agent with a local admin and either leave the services on Local System or assign local admin service account

Linux

• Install agent with Root or Sudo or during installation provide a dedicated UNIX Group with the necessary rights

If we are talking about application agents there might a need for additional rights.

@Jos Meijer So I can not perform the installation on the Linux client if I don't have sudo access to the root.

Also when the backup runs, what permissions are required by the Commvault agent to scan all files/directories and keep track of changes in files.

You can run without a sudo or root (except on Macintosh), but this will limit your backup to the file locations within the rights of this user which performed the install.

Regarding rights on the FS, this is the statement in documentation:

UNIX Group

We recommend that you assign a dedicated UNIX group for all Commvault processes. Users associated to that group are granted access rights over Commvault configuration files, registry, and log files. If you do not assign a group, you must set access permissions for other users during the installation. Only the root group has all access rights by default.

If you plan to install a database agent (for example, Oracle), assign the UNIX group that is used by the database application, and add the database users to the group. The group grants access rights for both Commvault and database application processes.

Access Permissions for the UNIX Group and Other Computer Users

If you do not assign a dedicated UNIX group, you must set sufficient access permissions for other users (other than root users) during the installation. By default, read and execute permissions are granted to other users during installations from the installation package, and read, write, and execute permissions during installations from the CommCell Console.

If you do assign a dedicated UNIX group, you will be able to set the access permissions for the group. By default, read, write, and execute permissions are granted to the UNIX group.

Note:

For installations on AIX computers and for 32-bit installations, grant read permissions for other users to ensure that services are started when the installation completes.

Review the writable permissions to other (world) computer users if the last two digits of file permissions are 2, 3, 6, or 7, for potential security vulnerability.

For the Commvault binaries: https://kb.commvault.com/article/INS0035

If I were you I would use a sudo account or dedicated group with full access.
But this depends on what your company policy is in this matter.
If you have a CISO then I would contact him/her to find out what is allowed.