ESXi 7.X file permissions - how to buypass new security measures

vmware-esxi virtualization vmware-vsphere vmware-esx vmware-vcenter

Solution 1:

As already stated by Chopper3, you really shouldn't, by design, run anything except ESXi on a vSphere host. And this new security measure is just in line with that, as locking down the filesystem gives tremendous security improvements.

Also, keep in mind that in a lot of larger environments ESXi might not even have persistent storage, as hosts are PXE booted over the network with ESXi and just keep what they need in RAM.

The way forward regarding this is to use PowerCLI as you've already identified.

Solution 2:

I agree with the other contributions about not doing anything "inside" ESXi, but manage it remotely with the supported tools like PowerCLI.

However, I also want to help you with your original question: Even in ESXi 7.0 some files can still be edited, e.g. /etc/rc.local.d/local.sh. This script will be executed by /etc/rc.local, so you can add your commands there.

You just need to be aware that this script will not be executed if you have UEFI Secure boot enabled on your host.

Related

Windows Server 2019 ADCS - Unable to Install Subordinate CA Certificate
GCP+Ansible: how to run a playbook with user account
Using Powershell to get a group of specific perfmon counters
Archlinux nfs is shutting down immediately
Why does RCN route addresses in 10.0.0.0/8 to some public machine?
Is reverse proxy recommended in production environment?
nagios wrongly reports packet loss
CentOS, revert back to a clean state (by backup or snapshot) without physically going to the server [closed]
GCP LB with static website and kubernetes
PMTA Timeout Centos 7
Logrotate appends "1" at the end of compressed file name
ssh-keygen: signing syntax - help needed with options