The root account can no longer change permissions or executable files in ESXi 7.0.x

Article ID: 344767

Products

VMware vSphere ESXi

Issue/Introduction

In prior releases, root could change the permissions of, rename, move or delete any file in the root filesystem.

The filesystem now remains as it was when first booted. This improves security, since a compromised system cannot be modified beyond the normal read-write configuration files.

Configuration files are identified by having the 'sticky' file permission bit (01000) set.

Any attempt to modify files which are not considered configuration files results in the message:
Operation not permitted

For example:

$ vmware -vl
VMware ESXi 7.0.0 ...

$ echo $USER
root

$ chmod 666 vmtar 
chmod: vmtar: Operation not permitted
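
The sticky-bit rule described above can be checked from a shell. The following is an added example, not code from this article or from VMware: it classifies files by the 01000 bit and lists the ones that count as configuration files under a directory. The function names are hypothetical, and it assumes the shell's `test -k` and `find -type f` are available (as they are in bash, dash and BusyBox).

```shell
#!/bin/sh
# Added example: classify files by the sticky bit (01000), which the article
# gives as the marker of a modifiable configuration file.
# Function names are hypothetical and are not part of ESXi.

# classify_file PATH
# Prints "config" when the sticky bit is set on PATH, otherwise "locked".
classify_file() {
    if [ -k "$1" ]; then
        echo config
    else
        echo locked
    fi
}

# list_config_files DIR
# Prints every regular file under DIR that has the sticky bit set.
list_config_files() {
    find "$1" -type f | while IFS= read -r f; do
        if [ -k "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# report_tree DIR
# Prints "<class><TAB><path>" for every regular file under DIR, so the
# writable configuration files stand out from the locked ones.
report_tree() {
    find "$1" -type f | while IFS= read -r f; do
        printf '%s\t%s\n' "$(classify_file "$f")" "$f"
    done
}

# When called with a directory argument, print the report for it.
if [ "$#" -gt 0 ]; then
    report_tree "$1"
fi
```

Files reported as `config` are the ones that remain modifiable, which makes them the set worth including in change monitoring.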


Environment

VMware vSphere ESXi 7.0.0

VMware vSphere ESXi 8.0.0

Resolution

Filesystem permission changes are restricted by design, and the permissions can no longer be changed.

This is a functional design change starting from vSphere 7.x.