The only work-around that I found was changing the UID of the new user to match root, 0 and then you can access anything owned by root.

To answer Dave's question... I'm only looking to give myself the ability to manage folders from my desk.

esiebert, if I put this user in the root group, will this give this user the ability to do as much damage as root? I'm use to Windows and NetWare in which you can give a user rights to a folder and then he can modify anything in or below that folder. Can this be done in the same way with ESX?

Dave, I forgot to answer your second question. I am running VirtualCenter, but I'm new to this so I might not be running it very well

I'm not entirely sure, the actual root user is a member of the root, bin, daemon, sys, adm, disk, wheel groups. I added a user to the root group and could not access files created by root without changing the UID to 0 to match root. You can probably assign rights to folders in Linux like in Windows, I'm no Linux expert though so I'm not sure of the procesdure for that.

The VM files are created with rw------- permissions and are owned by user root and have group root. This means that only owner (i.e., root or user with UID 0) has read and write permission and there are no other permissions set for anyone else. If you wanted to be able to manage (i.e., read and write) these files as another user you would have to 'chmod' the files, such that this other user has access to it. For example, if you do:

chmod 660 Filenames

Then the group is also given permission to read and write and your user that belongs the root group will be able to 'manage it'.

Dave, I like the idea of using the su -l command. Is there a way to accomplish the same thing in WinSCP? Can I login to WinSCP as my sshuser and then switch to being root once I'm connected?

Also, mbrkic mentioned the command "chmod 660 Filenames". Is it possible to run a command that would give sshuser rwx rights to a folder and any subfolders and files under that folder?

You could run chmod (you'd probably want chmod 777 to give rwx to the root group and other groups) and you would want to run it on both the folder and the files in the folders (chmod 777 * will work fine for the files - assuming the VM is not running or the files are in use by some other process).

I made the above changes and it didn't seem to affect the VMs in a negative manner. The permmissions are preserved if you migrate the VM to another ESX host and keep it on the same data store. The permissions reset to normal if you migrate the VM to a new data store.

I'm not sure you'll be able to do an SU with winscp, but if you are copying file to and from your ESX host, you should be running vmkfstools -e (to create a copy of the VMDK to copy off the system) and vmkfstools -i (on an vmdk files you copy to the server. When you run vmkfstools you can specify a location to which your sshuser will have full rights (as the destination for the export or source for the import).

That said, if you have VirtualCenter there are options to both clone a VM (including running sysprep - assuming you're running windows VMS), and you can also create a template from a VM from which you can deploy new VMs (i.e. essentially a copy of the template VM). That funtionality might provide what you are trying to accomplish here.

You can use -R for chmod to recursively change permissions for a directory and all subdirectories and files (be careful and make sure you know what you are doing The problem with changing permissions (and/or ownership) of files in the service console is that some operations (like snapshots) will still create files owned by root and with default permissions (i.e., rw-------), and this can quickly become a nightmare to manage.

In winscp, you can change to root but you will have to set-up sudo (man sudo, man sudoers) so that your non-root user can 'become root' by running:

sudo su -

Then you can specify the shell for scp (under "Environment/SCP") to be something like

/bin/bash -c 'sudo su -'

and that should do it.

If you set sudo up this way you can also use:

sudo su -

in your interactive logins to switch to root and the above method to manage all files as root through winscp, while still leaving remote ssh login disabled for root.