That's like cutting the branch you are sitting on.
The interesting thing that it only required one small wrong click of the mouse and the system did not even ask for approval as far as I understood. Other than that there should be away to boot in maintenance mode and fix it or the such.
If downtime is not an issue, you may want to reinstall the ESX software keeping the existing partitions.
Downtime is not an issue, but I expect there is a simpler way to fix it...
That's why you always want to create another user that has root equiv (Just in case). Even if you had a standard user - sudo. You could try to bring up the server in single user mode and re-add root to root.
Just so I understand. You've reset the permission within the Virtual Infrastructure client, but Root still has admin privs on the Service Console?
What happened is I think a bug...
We tried to add a new user and give it specific rights.
The new user operation set it as read only but without our notice it had set root as read only as well.
We had re-created this scenario (after re-installing ESX...).
Also, Its a bit disapponting that no one knows for now how to fix this rights issue from single user mode without re-installing ESX...
I am here searching for a solution to the very same problem, and have the same exact cause. I just created a new user with rights to only one of the Virtual Machines, and now my root account is locked out (i.e. I get "Login failed..." from the VIC and "Login Incorrect" from the CLI).
And coming here and finding the only solution is to re-install ESX is disappointing indeed. This is clearly a bug that VMware needs to fix.
I had to edit the file
/etc/vmware/hostd/authorization.xml with default install permissions copied from another ESX server (standalone ESX 3.0.2 server)
ESX Server restart.
I had this issue also today. Grimson's post got me back on track again. I have a ESX 4.0 (vSphere) where i did the same thing as the topic starter. The solution in fact is more simple.
1: Edit the file /etc/vmware/hostd/autorizations.xml
2: Change the number in every line "<ACEDataRoleId>-1</ACEDataRoleId>" to 1 (This means "Administrator"). The number 2 means the role "Read-Only"
3: Save the file
4: do a "service vmware-vmkauthd restart"
5 do a "service mgmt-vmware" restart
6: problem solved without the need to restart the ESX host.