VMware Cloud Community
vMigrator
Contributor

ESX 3.5 Post Install Script-Add Read-Only User Account

Our company deploys 3.5 via kickstart for the basic install and a couple of shell scripts to finish off with. Among the post install routines is adding local user accounts on the ESX hosts. There is a monitoring software package called Foglight that is required to have a local user account on each host. However, we want to have read-only access for this account. The vendor states this user ID is required by the software.

Currently, we open a VC client and connect directly to the ESX host and add the user and give it read-only. Can anyone shed some light on syntax that can be used to do this by script?

Thanks!

8 Replies
AndreTheGiant
Immortal

See this thread:

Or this link:

http://www.yellow-bricks.com/2008/11/24/adding-a-role-to-a-user-from-the-service-console/

You have to create the user (with useradd for example) and add it to ReadOnly role (with vmware-vim-cmd).

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
vMigrator
Contributor

Thanks for the links. I'm not sure if these address my issue or not; it seems I need to try to combine both solutions somehow. All hosts are 3.5 and all are deployed using kickstart and shell scripts.

So, is there a way to script your suggestion: You have to create the user (with useradd for example) and add it to ReadOnly role (with vmware-vim-cmd).

pskurtwest
Contributor

How are you giving it Read-only access now? When I create a user in VC I don't see a "Read Only" option. I have grant shell access, set the password and assign a group.

AndreTheGiant
Immortal

VC permissions are different from ESX permissions ;)

Andre

Andrew | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
pskurtwest
Contributor

Wait...I thought he said he was connecting directly to his ESX host with VC to create a local user on the host. That is what I am doing.

GRR!! Never mind... I am confused.

vMigrator
Contributor

Yes, that is correct. Currently, they go in manually and create the user account via COS after each host deployment. Then they open a VC client and add the user ID and give it read-only view. However, I don't think that is an efficient way to do that. The Foglight application requires at least a read-only account on each host and I know it has nothing to do with the VC account. So, I'm trying to find a way to create within the install script the addition of this account and give it read-only access.

I'm probably thinking permissions changes on the home folder but not certain that is relevant. The application itself monitors host performance and has its own API that runs from the users' local desktop and it uses that Linux account on each host.

vMigrator
Contributor

No worries, sir! I appreciate the feedback I've gotten so far. I'm probably looking at some kind of Frankenstein script combining a couple different solutions. I'm not sure why they're creating this read-only account in the VC client as it doesn't have anything to do with the host UNIX account.

vMigrator
Contributor

We're trying a Frankenscript based on the input from these threads. Thanks everyone!

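One way to script the two steps suggested earlier in the thread (create the local user with useradd, then assign it the ReadOnly role with vmware-vim-cmd), added here as an example and not posted by anyone in the thread. The account name `fglmon`, the sample hash, the `/bin/false` shell, and the `vim.Folder:ha-folder-root` entity with the argument order shown are assumptions to confirm on an ESX 3.5 host.

```shell
#!/bin/bash
# Added example: create a local account and give it the host's ReadOnly role.
# DRY_RUN=1 (the default) only prints the commands; DRY_RUN=0 runs them.
DRY_RUN=${DRY_RUN:-1}
LOGIN_SHELL=/bin/false   # assumption: the tool uses the host API, not a console login
ROOT_ENTITY=vim.Folder:ha-folder-root   # assumption: root folder of a standalone host

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# Accept only conservative names so nothing unexpected reaches useradd or hostd.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

add_readonly_user() {
    user=$1
    pw_hash=$2   # crypt(3) hash prepared offline; keep the clear text out of kickstart
    valid_username "$user" || { echo "invalid user name: $user" >&2; return 2; }
    case "$pw_hash" in
        '$'?*'$'?*) ;;
        *) echo "password must be supplied as a crypt hash" >&2; return 3 ;;
    esac
    # Idempotent: an existing account is left as it is and only the role is (re)applied.
    if id "$user" >/dev/null 2>&1; then
        echo "user $user already exists, skipping useradd" >&2
    else
        run useradd -s "$LOGIN_SHELL" -p "$pw_hash" "$user" || return 4
    fi
    # Arguments: entity, principal, isGroup=false, role name, propagate=true
    run vmware-vim-cmd vimsvc/auth/entity_permission_add \
        "$ROOT_ENTITY" "$user" false ReadOnly true || return 5
}

# Constructed sample values, not a real account or hash.
SAMPLE_USER=fglmon
SAMPLE_HASH='$1$constructed$NotARealHashValue000000'
add_readonly_user "${1:-$SAMPLE_USER}" "${2:-$SAMPLE_HASH}"
```

vmware-vim-cmd talks to hostd, so the role assignment has to run once hostd is up (for example from a first-boot script); set `DRY_RUN=0` to execute the commands instead of printing them.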