If that's not possible, how about allow Command Line but neither Direct User Console nor vSphere Client?
Thanks!
So you just want the user to have SSH or console access, but not DCUI or vSphere API?
It's possible, but you wouldn't be able to do much once you're in the console. What tasks would this account have to perform via SSH?
Thanks Dava!
My situation is that I have sent my server to the 3rd party data center. I need to grant permission for engineers from the data center to configure IP/Gateway for the NIC cards.
I could create a temp account that is a member of the root group. They'll be able to login to the DCUI / SSH and configure things. You can then delete it.
Dave, I've created a new user in vSphere Client and made it a member of root group. Then I gave it Administrator role. But the user still cannot log into CLI. He can only logon into DUCI. Where I've missed?
matkin wrote:
Dave, I've created a new user in vSphere Client and made it a member of root group. Then I gave it Administrator role. But the user still cannot log into CLI. He can only logon into DUCI. Where I've missed?
You'll have to do some editing in ESXi CLI to get another user to SSH to the server.
Try these:
1. Remove the user from the administrator role since you do not want to have access via the vSphere Client.
2. SSH/Alt +F1 (from DCUI) to the host CLI logon as root. (Remote or Local Tech Support (SSH) needs to be enabled in the DCUI)
3. cat /etc/passwd and confirm that the user account is there.
4. cp /etc/passwd /etc/passwd.bak
5. vi /etc/passwd
6. Change the entries for your user home directory and shell to match the root account.
e.g. default: esxadmin:x:501:5:esxadmin:/home/esxadmin:/sbin/nologin changed to esxadmin:x:501:5:esxadmin:/:/bin/ash
This entry in /etc/passwd tends to reset itself when you add another user.
The user will be able to now logon but will need to su - to run any management commands, like esxcfg-nics or esxcfg-vswitch.
Good luck.