Hia
I'm trying to create a local account on the VCSA that is able to run 'service-control --status' in the bash shell. While trying to do this I've come accross a few things I cant really explain.
1. I can create users without any problem using "localaccounts.user.add --username x --role y -- password" but I cant edit or delete them without getting an error that the user is not recognized.
- localaccounts.user.list only lists the root user. Didn't change after setting the bash shell as default for my custom user.
- I can see all the users I created in my VCSA Web Interface, but I cant edit or delete useres here.
2. None of the given roles, even superAdmin, seems to have the permissions to run service-control. Do I need a root shell to run those commands?
I'm clearly missing something, overread something.. hoping you can point me in the right direction. I'm running a VCSA V6.7 U3 Build 14367737.
Regards
David
I checked docs and tested on my lab. It works.
Create local user:
Create a Local User Account in the vCenter Server Appliance
Roles:
User Roles in the vCenter Server Appliance
As you can see only superAdmin can log and use shell.
Commands from my lab:
localaccounts.user.add --role superAdmin --username blanket --password --fullname Pblanket --email p@blanket.p
And I am able to SSH to VCSA.
You need to do that to be able to have shell access:
shell.set --enabled true
Well, like I mentioned before, adding users isn't the problem, aswell as accessing ssh and the enabled shell. Its everything else I mentioned that doesnt work for me. Mostly its editing or deleting the users and using service-control commands.
Were you able to test that aswell?
Your new user, wherever you made it (AD or SSO or local OS) must have SystemConfiguration.BashShellAdministrators group membership.
Please check the following link: