
VMware: How to revert root user role from "Read-only" to "Administrator"

Today on the Dutch VMUG forum somebody had trouble connecting to an ESX host after changing the “root” permissions from Administrator to Read-only. It is a nice problem to find a solution for, so I created the same situation in my test environment.

Situation:

User: Root – Role: Read-Only

You can’t connect to the host anymore with your VI Client.

Solution:

… but you can still log in at the console or in a PuTTY session, so what to do:

Edit the authorization.xml file: nano /etc/vmware/hostd/authorization.xml


Change the number 2 in "<ACEDataRoleId>-2</ACEDataRoleId>" to 1, so that it reads "<ACEDataRoleId>-1</ACEDataRoleId>".

Administrator = 1

Read-only = 2

 

Restart some services:

  • service vmware-vmkauthd restart
  • service mgmt-vmware restart


I can log in again 🙂

     

Tip: Always create a second account to manage or troubleshoot your environment.
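An added example, not from the original post: a scoped version of the edit described above that keeps a backup of authorization.xml and changes the role only in the entry that names root, so other Read-only accounts are not promoted along with it. The sample file is constructed; the element names other than ACEDataRoleId (ConfigRoot, ACEData, ACEDataUser) and the `auditor` account are assumptions about the file layout, with one element per line.

```shell
# Added example. Constructed sample; only ACEDataRoleId is taken from the post,
# the other element names and the auditor account are assumptions.
make_sample() {
    cat > "$1" <<'EOF'
<ConfigRoot>
  <ACEData id="10">
    <ACEDataRoleId>-2</ACEDataRoleId>
    <ACEDataUser>root</ACEDataUser>
  </ACEData>
  <ACEData id="11">
    <ACEDataRoleId>-2</ACEDataRoleId>
    <ACEDataUser>auditor</ACEDataUser>
  </ACEData>
</ConfigRoot>
EOF
}
# Set the role to -1 only in the ACEData block that names root; keep FILE.bak.
restore_root_admin() {
    cp -p "$1" "$1.bak" || return 1
    awk '
        /<ACEData[ >]/ { inblock = 1; n = 0; isroot = 0 }
        inblock {
            buf[++n] = $0
            if ($0 ~ /<ACEDataUser>root<\/ACEDataUser>/) isroot = 1
            if ($0 ~ /<\/ACEData>/) {
                for (i = 1; i <= n; i++) {
                    if (isroot) sub(/<ACEDataRoleId>-2</, "<ACEDataRoleId>-1<", buf[i])
                    print buf[i]
                }
                inblock = 0
            }
            next
        }
        { print }
    ' "$1.bak" > "$1"
}
# Print the role id that FILE assigns to USER.
role_of() {
    awk -v u="$2" '
        /<ACEDataRoleId>/ { r = $0; gsub(/[^-0-9]/, "", r) }
        /<ACEDataUser>/   { who = $0; gsub(/^.*<ACEDataUser>|<\/ACEDataUser>.*$/, "", who) }
        /<\/ACEData>/     { if (who == u) print r; r = ""; who = "" }
    ' "$1"
}

tmp=$(mktemp -d)
make_sample "$tmp/authorization.xml"
restore_root_admin "$tmp/authorization.xml"
echo "root=$(role_of "$tmp/authorization.xml" root) auditor=$(role_of "$tmp/authorization.xml" auditor)"
```

On the host, the function would be pointed at /etc/vmware/hostd/authorization.xml, followed by the two service restarts listed above.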

    sanderdaems

    Sander Daems is the founder and author of this blog and works as a Sr. Infrastructure Consultant at IT-Value. Sander has over 10 years of experience in IT; primary focus: virtualization, storage and SBC.


    1. craig
      May 15th, 2011 at 18:47 | #1

      I figured out how to revert root from read-only back to administrator by just plugging in directly to it via my KVM, pressing F2 (customize system), going down to “Configure Lockdown Mode” & disabling it. I was then able to KVM back over to my main PC & log in using VMware Infrastructure Client w/ Administrator privileges & then created a 2ndary admin login & changed its permissions to be administrator as well.

    2. Vadim
      October 2nd, 2012 at 11:15 | #2

      Thx Craig. It’s a good idea! It works for me!!!

    3. Karel
      March 18th, 2013 at 20:59 | #3

      Hi,
      I have similar problem, but I can not reach /etc/vmware/hostd/authorization.xml

      I tried Craig’s solution, but “Configure Lockdown Mode” option is gray (I can not select it).

      I can enable console and SSH on physical server, but I can not log in. I tried “root” and password, which I used for ESXi configuration.

      I am using ESXi 5.1 and vSphere client.

      Can you help me?

    4. Ivo Silva
      December 11th, 2013 at 18:44 | #4

      Good afternoon sanderdaems,

      I’m having this problem and cannot solve it because I cannot log in as root; PuTTY or WinSCP gives the access denied message. Through the VMware vSphere Client I can get in normally, but I cannot make any changes because the root user has read-only permission.

      Regards,

      Ivo Silva.

    5. Ivo Silva
      December 11th, 2013 at 18:50 | #5

      I’m having the same problem.

      Can anyone help me.

      Regards,

      Ivo Silva.

    6. renjiewang
      December 25th, 2013 at 15:39 | #6

      I have similar problem, but I can not reach /etc/vmware/hostd/authorization.xml,
      can anyone help you?

    7. Christoph
      April 28th, 2014 at 16:41 | #7

      Dear All,

      I have exactly the same problem, but I also cannot enable “Configure Lockdown Mode” and I am not able to log in via PuTTY with the root user. I guess that the root user is not allowed by default to connect via SSH.

      Did anyone solve the problem? It seems to be the same issue at Ivo Silva’s post.

      Thank you,
      Christoph

    8. April 29th, 2014 at 10:08 | #8

      Christoph :

      Dear All,

      I have exactly the same problem, but I also cannot enable “Configure Lockdown Mode” and I am not able to log in via PuTTY with the root user. I guess that the root user is not allowed by default to connect via SSH.

      Did anyone solve the problem? It seems to be the same issue at Ivo Silva’s post.

      Thank you,
      Christoph

      Can you still manage the host by vCenter Server? You can apply a host profile to change the administrator password.

    9. Christoph
      April 29th, 2014 at 12:42 | #9

      @sanderdaems
      Hello,

      thank you for the hint. I don’t have vCenter Server.
      I dared to reset to default settings. I documented the settings before and resetting solved my problem. I will take more care in the future.

      Thank you

    10. Ignacio
      June 9th, 2014 at 13:53 | #10

      And if you add a group called “root” and you give read-only?

    11. Eghi
      November 26th, 2014 at 10:57 | #11

      Hi, I have the same problem as others have stated in their comments (I can’t log into the terminal with the root user, maybe because of its low permission). Is there anybody here who may help me?

      Best regards

    12. Eghi
      November 26th, 2014 at 11:00 | #12

      @sanderdaems

      Hi, I have the same problem as others have stated in their comments (I can’t log into the terminal with the root user, maybe because of its low permission). Would you please help me? I hadn’t set up a vCenter Server before this trouble occurred.

      Best regards

    13. Teddy-Jack MBULA
      May 27th, 2015 at 21:10 | #13

      You can re-assign the administrative role through the VMA.
      If you have VMA, target the host where you downgraded the root role and create a user with the administrator role. Here you go.

      See the link below:

      http://buildvirtual.net/creating-users-and-groups-on-a-esxi-5-host/

    14. payam
      April 12th, 2016 at 10:09 | #14

      I have the same problem, but I do not have access to SSH because SSH is disabled on my server and I cannot enable SSH access via the read-only user.

    15. Tobi
      June 21st, 2017 at 23:22 | #15

      Thx!!!!!!!!!!!! It worked fine!

      Regards
