VMware Cloud Community
MCioe
Enthusiast
Enthusiast
‎09-10-2013 12:03 PM

Is there an alternative to the "su -" command on ESXi 5.1 hosts?

I have a script that I ran on my ESXi 5.0 hosts which required you to be root to execute it. You had to execute the su - command and enter the root password or login as the root account to run the script.  The command, su -, does not exist in 5.1 and I am hoping there is some alternative that I can use, besides telling the users to login as root.

I have read that the 5.1 user accounts now have administrative privileges and should no longer need to use the su command, but that doesn't seem to be the case for me.  Is there something I am missing?

The first command my script has problems with when I run it as a regular user is "vim-cmd vmsvc/getallvms".  I get the following error: Failed to login: vim.fault.NoPermission.  This is on a host with no VMs on it.

I appreciate any suggestions.

Maureen

0 Kudos
8 Replies
MarVista
Enthusiast
Enthusiast
‎09-10-2013 12:13 PM

you can use sudo command to instead of su -

0 Kudos
MCioe
Enthusiast
Enthusiast
‎09-10-2013 01:28 PM


It appears the sudo command doesn't exist either. I get the following error:   -sh: sudo: not found

0 Kudos
ssbkang
Enthusiast
Enthusiast
‎09-10-2013 04:08 PM

I've just tried with my ESXi 5.1 test box and works fine with a local user, don't need su - or sudo.

~ # vim-cmd vmsvc/getallvms

Vmid  Name                  File                      Guest OS          Version  Annotation

1      test1  [datastore1 (1)] test1/test1.vmx  windows7Server64Guest  vmx-09          

2      test2  [datastore1 (1)] test2/test2.vmx  windows7Server64Guest  vmx-09          

3      test3  [datastore1 (1)] test3/test3.vmx  windows7Server64Guest  vmx-09          

4      test4  [datastore1 (1)] test4/test4.vmx  windows7Server64Guest  vmx-09          

Have you assigned proper permission to the user? I've assigned Administrator to it for the testing purpose.

0 Kudos
Gortee
Hot Shot
Hot Shot
‎09-10-2013 04:11 PM

Evening,

You might want to look into the vma from vmware this virtual appliance will give you the ability to execute commands on the host without too much escalation.  

Just a two cents suggestion.

Thanks,

Joseph Griffiths http://blog.jgriffiths.org @Gortees VCDX-DCV #143
0 Kudos
MarVista
Enthusiast
Enthusiast
‎09-11-2013 12:55 AM

with the latest version of Vsphere  the administrative privileges can be removed from the default root account and individually assigned to Local Users which will provide them full access to the ESXi shell.

Try to edit your user Property and make sure that your user has the “Grant shell access” check-box checked then edit its permission  and add it to the Administrator group after that try to execute your script and let me know how it goes .

0 Kudos
MarVista
Enthusiast
Enthusiast
‎09-11-2013 02:16 AM

Hello MCioe,

You can try "runuser" command using root instead of user.

You can use this command to run as another user or as root user.

Hope will help.

Yours,
Mar Vista

0 Kudos
MCioe
Enthusiast
Enthusiast
‎09-11-2013 05:50 AM

I don't have any groups listed when I create users and can't seem to add users to the Administrative group in the vSphere Client.  I can see some of the default users (root, dcui) have the Administrator role, but can't seem to add any new accounts.   Grant shell access is enabled as I can definitely log into the host with the new user account.

My environment only has the vSphere Client and the ESXi host; i.e. no vCenter.  Would that make a difference in the group/role assignment?

Also, runuser does not exist on the ESXi host either.

0 Kudos
ssbkang
Enthusiast
Enthusiast
‎09-11-2013 02:46 PM

Here is a short video, this would help but you can ignore the last bit, when he tries su -. It should just work after setting up an user!

How to add SSH user to an ESX host (VMware) - YouTube

0 Kudos