The root account can no longer change permissions or executable files in ESXi 7.0.x
Article ID: 344767
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
In prior releases it was possible for root to change file permissions, rename, move or delete any file in the root filesystem.
The filesystem remains as it was when first booted as this improves security since a compromised system can not be modified
beyond the normal read-write configuration files.
Configuration files are identified as those by having the 'sticky' bit file permission bit set (01000).
Any attempt to modify files which are not considered configuration files results in the message:
Operation not permitted
For example:
$ vmware -vl
VMware ESXi 7.0.0 ...
$ echo $USER
root
$ chmod 666 vmtar
chmod: vmtar: Operation not permitted
The filesystem remains as it was when first booted as this improves security since a compromised system can not be modified
beyond the normal read-write configuration files.
Configuration files are identified as those by having the 'sticky' bit file permission bit set (01000).
Any attempt to modify files which are not considered configuration files results in the message:
Operation not permitted
For example:
$ vmware -vl
VMware ESXi 7.0.0 ...
$ echo $USER
root
$ chmod 666 vmtar
chmod: vmtar: Operation not permitted
Environment
VMware vSphere ESXi 7.0.0
VMware vSphere ESXi 8.0.0
Resolution
The file System permission changes are restricted by design and can no longer be changed.
This is a functional design change starting from vSphere 7.x
This is a functional design change starting from vSphere 7.x
Feedback
Yes
No
Powered by
