By default the root user cannot telnet, SSH, SCP, etc. to the ESX host. In general it is considered a best practice to grant another user SSH access and then issue the su --login command to gain root privileges. However, there may be times when you would like the user with SSH privileges not to know the root password. In this case you will need to configure the /etc/sudoers file to allow the user to execute one or more commands using the sudo command syntax.
1) Login to the ESX host as root
2) Create a group to manage the user access using the following commands
3) Add users to the group by editing the /etc/group file using the following command
4) Insert the following line to the end of the /etc/group file
a. esxadmins is the group name you created earlier
b. 505 is the group ID
c. user1,user2 are the various user names to add to the group
d. You can edit the file using the following command or any other text editor (vi, vim, etc).
e. Save the file via Ctrl-O
f. Exit nano Ctrl-X
5) Edit the /etc/sudoers file by issuing the following command
a. At the end of the file you should add the following line so that esxadmins can run all ESX commands.
%esxadmins ALL=(ALL) ALL
Note: This will allow all ESX server commands to be run by users that are members of the esxadmins group via the sudo command syntax.
i. Other possible entries to limit by user or specific command without requiring a password.
username ALL=/sbin/service, NOPASSWD: /sbin/service
%users ALL=/usr/sbin/esxcfg-nics, NOPASSWD: /usr/sbin/esxcfg-nics
%users is a predefined group that all users are automatically a member of.
NOPASSWD: ALL will result in all commands being accessible regardless of the command list.
Omitting NOPASSWD prompts for the current user password to run the command.
Separate more than one command with spaces.
b. Type the following to exit visudo and save file
i. Press ESC
ii. Type :wq!
c. Example of sudo commands the user could run.
sudo /sbin/service mgmt-vmware status
sudo /sbin/service --status-all
sudo /usr/sbin/esxcfg-vswitch -l
This type of configuration is also useful for allowing scripts to configure or manage ESX servers via an SSH shell.
Here are common Linux / ESX commands that may be of benefit.
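The entries in step 5 differ widely in what they grant: %esxadmins ALL=(ALL) ALL makes every group member root-equivalent, while the per-command entries are narrow. The script below is an added example, not part of the original article, that flags the broad grants in sudoers text; the sample rules are constructed from the entries above, and the %operators group and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example: flag broad grants in sudoers text (read-only audit).
# Assumptions: one rule per line (no backslash continuations); #include
# directives, Defaults and *_Alias lines are skipped, not followed.

# Constructed sample input built from the entries discussed in the article.
SAMPLE_SUDOERS='# constructed sample, not a real host file
%esxadmins ALL=(ALL) ALL
username ALL=/sbin/service, NOPASSWD: /sbin/service
%users ALL=/usr/sbin/esxcfg-nics, NOPASSWD: /usr/sbin/esxcfg-nics
%operators ALL=NOPASSWD: ALL'

# audit_sudoers: sudoers text on stdin, one finding per risky grant on stdout.
#   ALL_COMMANDS       who can run every command (root-equivalent)
#   NOPASSWD_ALL       same, and without re-entering a password
#   NOPASSWD_EVERYONE  passwordless command granted to the %users group
audit_sudoers() {
    awk '
    /^[ \t]*(#|$)/ || /^[ \t]*Defaults/ || /_Alias[ \t]/ { next }
    $1 == "root" { next }                 # default root rule is expected
    {
        who = $1
        spec = $0
        sub(/^[^=]*=/, "", spec)          # drop the "who host=" prefix
        gsub(/\([^)]*\)/, "", spec)       # drop the (runas) part
        nopass = 0                        # tags carry over to later commands
        n = split(spec, item, ",")
        for (i = 1; i <= n; i++) {
            cmd = item[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (cmd ~ /^NOPASSWD:/) { nopass = 1; sub(/^NOPASSWD:[ \t]*/, "", cmd) }
            else if (cmd ~ /^PASSWD:/) { nopass = 0; sub(/^PASSWD:[ \t]*/, "", cmd) }
            if (cmd == "ALL" && nopass)         print "NOPASSWD_ALL " who
            else if (cmd == "ALL")              print "ALL_COMMANDS " who
            else if (nopass && who == "%users") print "NOPASSWD_EVERYONE " who " " cmd
        }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

To check a host, run the function as root with the real file on stdin, for example audit_sudoers < /etc/sudoers.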
To determine the path to a file you can use the whereis command.
For more information on the sudo command type man sudo
For more information on the sudoers file type man sudoers