VMware Cloud Community
JackFlash
Contributor
Contributor

How to revert root user role from "readonly" to "administrator" again -ESX3

We changed the root user role by mistake to read-only.

How can we revert it to "Adminstrator again".

Thanks,

Jack.

Reply
0 Kudos
10 Replies
Niranec
Enthusiast
Enthusiast

Maaan!

That's like cutting the branch you are sitting on.

Reply
0 Kudos
JackFlash
Contributor
Contributor

The interesting thing that it only required one small wrong click of the mouse and the system did not even ask for approval as far as I understood. Other than that there should be away to boot in maintenance mode and fix it or the such.

Reply
0 Kudos
ANSA
Expert
Expert

If downtime is not an issue, you may want to reinstall the ESX software keeping the existing partitions.

Reply
0 Kudos
JackFlash
Contributor
Contributor

Downtime is not an issue, but I expect there is a simpler way to fix it...

Reply
0 Kudos
boydd
Champion
Champion

That's why you always want to create another user that has root equiv (Just in case). Even if you had a standard user - sudo. You could try to bring up the server in single user mode and re-add root to root.

DB

DB
Reply
0 Kudos
DeeJay
Enthusiast
Enthusiast

Just so I understand. You've reset the permission within the Virtual Infrastructure client, but Root still has admin privs on the Service Console?

Reply
0 Kudos
JackFlash
Contributor
Contributor

What happened is I think a bug...

We tried to add a new user and give it specific rights.

The new user operation set it as read only but without our notice it had set root as read only as well.

We had re-created this scenario (after re-installing ESX...).

Also, Its a bit disapponting that no one knows for now how to fix this rights issue from single user mode without re-installing ESX...

Jack.

Reply
0 Kudos
analogkidd
Contributor
Contributor

Jack,

I am here searching for a solution to the very same problem, and have the same exact cause. I just created a new user with rights to only one of the Virtual Machines, and now my root account is locked out (i.e. I get "Login failed..." from the VIC and "Login Incorrect" from the CLI).

And coming here and finding the only solution is to re-install ESX is disappointing indeed. This is clearly a bug that VMware needs to fix.

Reply
0 Kudos
Grimson
Contributor
Contributor

Hi,

I had to edit the file

/etc/vmware/hostd/authorization.xml with default install permissions copied from another ESX server (standalone ESX 3.0.2 server)

-


<ConfigRoot>

<ACEData id="10">

<ACEDataEntity>ha-folder-root</ACEDataEntity>

<ACEDataId>10</ACEDataId>

<ACEDataIsGroup>false</ACEDataIsGroup>

<ACEDataPropagate>true</ACEDataPropagate>

<ACEDataRoleId>-1</ACEDataRoleId>

<ACEDataUser>root</ACEDataUser>

</ACEData>

<NextAceId>11</NextAceId>

</ConfigRoot>

-


ESX Server restart.

Reply
0 Kudos
LeNNyfromNL
Enthusiast
Enthusiast

I had this issue also today. Grimson's post got me back on track again. I have a ESX 4.0 (vSphere) where i did the same thing as the topic starter. The solution in fact is more simple.

1: Edit the file /etc/vmware/hostd/autorizations.xml

2: Change the number in every line "<ACEDataRoleId>-1</ACEDataRoleId>" to 1 (This means "Administrator"). The number 2 means the role "Read-Only"

3: Save the file

4: do a "service vmware-vmkauthd restart"

5 do a "service mgmt-vmware" restart

6: problem solved without the need to restart the ESX host.


Daniël Zuthof
Twitter: @DanielZuthof
https://blog.zuthof.nl
Don't forget to mark as solved if your questions are answered.
Reply
0 Kudos