Modifying a cloud-init GuestInfo variable value from the guest OS fails with "Permission denied" error
search cancel

Modifying a cloud-init GuestInfo variable value from the guest OS fails with "Permission denied" error

book

Article ID: 377267

calendar_today

Updated On:

Products

VMware vSphere ESXi 8.0

Issue/Introduction

  • "Permission denied" error is returned when setting cloud-init GuestInfo variables value using "vmware-rpctool" or "vmtoolsd --cmd" on Linux guests, or using "rpctool.exe" or "vmtoolsd.exe --cmd" on Windows guests.

  • A "Permission denied for setting key" log statement present in the virtual machine log file, of the form:
    yyyy-mm-ddThh:mm:ss.msZ In(05) vmx - GuestRpc: Permission denied for setting key  {GuestInfo-variable-name}.

    Where "GuestInfo-variable-name" is one of the cloud-init GuestInfo variable names.

Note: We use the term "cloud-init" in this article to reference cloud-init,cloudbase-init and similar post-boot guest configuration mechanism that use the GuestInfo variables discussed herein. 
Note: A cloud-init GuestInfo variable is one of
  - guestinfo.metadata
  - guestinfo.userdata
  - guestinfo.vendordata
  - guestinfo.metadata.encoding
  - guestinfo.userdata.encoding
  - guestinfo.vendordata.encoding

Environment

VMware ESXi 8.0 U3b

Cause

The issue can be caused when setting cloud-init GuestInfo variables values is denied to regular users (non-admin/non-root) based on VM settings 

When:

  • vmware-rpctool on Linux or "rpctool.exe" on Windows is used to set a  cloud-init GuestInfo variable value using the "info-set" command, to a value that is not allowed for regular users.
  • "vmtoolsd --cmd" on Linux or "vmtoolsd.exe --cmd" on Windows is used by a regular user (non-admin/non-root) to set a cloud-init GuestInfo variable value using the "info-set" command, to a value that is not allowed for regular users.

 

Note 1: cloud-init GuestInfo variables and their values allowed to be set by regular users:

GuestInfo variable name    Allowed value to set by regular users
guestinfo.metadata "---" (three hyphen characters)
guestinfo.userdata "---" (three hyphen characters)
guestinfo.vendordata "---" (three hyphen characters)
guestinfo.metadata.encoding " " (single space character)
guestinfo.userdata.encoding " " (single space character)
guestinfo.vendordata.encoding " " (single space character)

 

Note 2 : A "Permission denied" error can also be caused by the  "guest_rpc.rpci.auth.cmd.info-set" VM parameter being set to TRUE
See KB - Accessing or modifying a GuestInfo variable value from the guest OS fails with "Permission denied" error

Resolution

When modifying a cloud-init GuestInfo variable value returns the "Permission denied" error, perform one of the below:

 - Use the "vmtoolsd --cmd" on Linux or "vmtoolsd.exe --cmd" on Windows as an administrator or root user

   OR

 - Set "guest_rpc.auth.cloud-init.set" value to FALSE in the VM configuration.

Additional Information

Powered by Wolken Software