Sudo can be used to remove the necessity of using the 'root' user for commands requiring super user privileges. It will also then log what commands each user has ran in /var/log/secure. To set this up you needs to do the following:
1. Login to the ESX server as 'root' at the console.

2. Create a group called 'esxadmins':
/usr/sbin/groupadd esxadmins

3. Edit the group file and add the required users (see active directory authentication for users):
vi /etc/group
:wq (vi command to save)

4. Add the new 'esxadmins' group to the sudoers file:
%esxadmins        ALL=(ALL)       ALL

5. Test it
Login as the unprivileged user and run a command that requires super user:
sudo /usr/sbin/esxcfg-vswitch
Change to the root user without knowing the root password:
sudo su
NOTE: You will have to enter your unprivileged user password when prompted.

EXAMPLE /etc/sudoers
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.
# Host alias specification
# User alias specification
# Cmnd alias specification
# Defaults specification
# User privilege specification
root    ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL
%esxadmins        ALL=(ALL)       ALL
# Same thing without a password
# %wheel        ALL=(ALL)       NOPASSWD: ALL
# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now

Share this blog post on social media:

Social Links


All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes

We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.