Sudo can be used to remove the necessity of using the 'root' user for commands requiring super user privileges. It will also then log what commands each user has ran in /var/log/secure. To set this up you needs to do the following:
1. Login to the ESX server as 'root' at the console.
2. Create a group called 'esxadmins':
/usr/sbin/groupadd esxadmins
3. Edit the group file and add the required users (see active directory authentication for users):
vi /etc/groupesxadmins:x:505:username1,username2:wq (vi command to save)
4. Add the new 'esxadmins' group to the sudoers file:
/usr/sbin/visudo%esxadmins ALL=(ALL) ALL
5. Test it
Login as the unprivileged user and run a command that requires super user:
sudo /usr/sbin/esxcfg-vswitch
OR
Change to the root user without knowing the root password:
sudo su
NOTE: You will have to enter your unprivileged user password when prompted.
EXAMPLE /etc/sudoers
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
## Host alias specification# User alias specification# Cmnd alias specification# Defaults specification# User privilege specification
root ALL=(ALL) ALL# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
%esxadmins ALL=(ALL) ALL# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
Share this blog post on social media:
Tweet
Latest Blog Posts
- vSphere 7 U1 - Part 3 - Creating a Datacenter, HA/DRS Cluster and Adding a Host
- vSphere 7 U1 - Part 2 - Deploying vCenter 7.0 U1 VCSA
- vSphere 7 U1 - Part 1 - Installing ESXi 7.0 U1
- Veeam CBT Data is Invalid - Reset CBT Without Powering Off VM
- View Administrator Blank Error Dialog/Window After Upgrade