Safehaven
Contributor
Contributor

Best practice - User that run VM's ?

Ok, I have scanned through the VI3 documentation (maybe too fast?) without getting an exact answer on this one:

Best practice clearly advice us to create dedicated users that runs the different VM's created on the ESX server. It is not adviced to run any VM's as the root user.

So, I tried the angle with creating an ordinary user on the system and next I was about to give him the right to create, modify and run VM's without beeing able to touch any of the configuration at the server in general. I do not have Virtual Center implemented, just the Web Interface and the Virtual Infrastructure Client as administrative tools.

The permission section at the "permissions" tab in the VIC seemed impressive at first sight ... until I discovered that I only was able to delegete three preedefined roles none/read/administrator. Well, I gave my user administrative rights, logged in with the same user in the VIC interface and created a VM machine. When I check the owner of the VM it still is root that stands as the owner of the machine.

So how am I supposed to do this? First create the VM as root and then chown the owner right to the user? or is it some procedure here that I am not aware of?

0 Kudos
2 Replies
Safehaven
Contributor
Contributor

Anyone have any input on this one?

0 Kudos
JDLangdon
Expert
Expert

The permission section at the "permissions" tab in

the VIC seemed impressive at first sight ... until I

discovered that I only was able to delegete three

preedefined roles none/read/administrator.

You are only able to delegate three predefined roles because you are going directly against the ESX host. If you were using VirtualCenter, you would see more roles.

So how am I supposed to do this? First create the VM

as root and then chown the owner right to the user?

or is it some procedure here that I am not aware of?

I've always used VirtualCenter so I may be missing the obvious but, as long as your regular user is apart of the administrators role, why does it matter who the owner of the VM is.

Jason

0 Kudos