To deactivate shell access for non-root ESXi users in ESXi 8.0
Article ID: 396941
Updated On:
Products
VMware vSphere ESXi
Issue/Introduction
In ESXi, root, dcui and vpxuser are predefined users. Starting from 8.0, shell access for the non-root ESXi users, such as vpxuser and dcui, can be deactivated.
Environment
ESXi 8.0
Cause
Due to strict security policies in some organizations, it's necessary to limit the number of active accounts with shell access.
Resolution
Staring from ESXi 8.0, shell access of the non-root users, such as dcui and vpxuser, can be deactivated by below commands.
Firstly ssh to the ESXi as root and verify that current shell access for all users are activated (true),
[root@#####:~] localcli system account list
User ID Description Shell access
------- ----------------------------------------- ------------
root Administrator true
dcui DCUI User true
vpxuser VMware Workstation administration account true
To deactivate shell access for a non-root user, for example, dcui, run below command,
[root@#####:~] localcli system account set --id dcui --shell-access false
Then list down all users again to make sure shell access for dcui changes to false,
[root@#####:~] localcli system account list
User ID Description Shell access
------- ----------------------------------------- ------------
root Administrator true
dcui DCUI User false
vpxuser VMware Workstation administration account true
Feedback
Yes
No
Powered by
