Virtual Maestro

How to add, manage local users in ESXi host 6.x & 7.x?

In this post we will explore managing local users on an ESXi host through the CLI and the GUI, and also discuss role management on a local ESXi host. The process is identical in ESXi 6.x and ESXi 7.x. For all versions of ESXi, you can see the list of predefined users in the /etc/passwd file.

For general use cases, you should usually manage privileges for users by assigning permissions to an ESXi object in the vCenter Server inventory. However, best practice is also to create at least one local user account on the ESXi host, assign it full administrative privileges on the host, and use this account instead of the root account.

If you are using a standalone ESXi host in your environment, you will need to create and manage users directly on the ESXi host anyway.

Creating a local user account on an ESXi host is a fairly simple process. Because it has to be done on the ESXi host directly, you can use either the ESXi host command line or the GUI, i.e., the Host Client (HTML), to manage local users.

First, we will see how to create local users using the ESXi host local shell.

Note: If you define a local user on the ESXi host directly and a user with the same name also exists in vCenter Server, these are two different users, not the same one.

Add user using ESXi Shell:

Switch to the ESXi local shell or SSH to the ESXi host.

  • esxcli system account list
    • This will list the existing accounts on the ESXi host.

  • Run the command below to add the local user account with the required user details
  • esxcli system account add --id Demo-CLI --password <password> --password-confirmation <password>
    • This will add a user called testuser1 with the password mentioned. Ensure that the password entered complies with the ESXi password policy. Check ESXi 7 password policy.

  • You can also use below format instead of above
  • esxcli system account list
    • To verify that the user has been added to the local system

Add users using ESXi host client:

Roles Management:

Below is the default list of system roles that are present on an ESXi host. Note that system roles are permanent: you cannot edit the privileges associated with these roles. As you can see, I have selected the Administrator role, but the Edit button is greyed out.

The predefined roles in ESXi host. 

Also note that you can assign system roles to users when required, with exceptions such as the Anonymous role. As in the image below, the Anonymous and View roles are not available for assignment.

Assigning Role to User:

Assigning a role to a user is not done from the Security and Users screen. Role assignment is done through the Permissions page under the Actions menu, as in the screenshot below.
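
To check the result of a role assignment from the shell, the following added example (not part of the original post) parses the output of `esxcli system permission list` and reports named local accounts that hold the Admin role, so you can confirm a non-root administrator exists. The sample table is constructed, and the built-in principal list (root, dcui, vpxuser) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report named local accounts that hold the Admin role.
# On an ESXi host:  esxcli system permission list | named_admins

# Built-in principals to ignore (assumption: defaults on a stock host).
BUILTIN="root dcui vpxuser"

# Constructed sample in the table layout of `esxcli system permission list`.
sample_permissions() {
cat <<'EOF'
Principal  Is Group  Role      Role Description
---------  --------  --------  ------------------
dcui       false     Admin     Full access rights
root       false     Admin     Full access rights
vpxuser    false     Admin     Full access rights
Demo-CLI   false     Admin     Full access rights
auditor    false     ReadOnly  See details of objects, but not make changes
EOF
}

# Print non-group principals with the Admin role, minus the built-ins.
# Rows for groups (Is Group = true) are skipped on purpose.
named_admins() {
    awk -v skip="$BUILTIN" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) ign[s[i]] = 1 }
        NR <= 2 { next }   # column header and dashed rule
        $2 == "false" && $3 == "Admin" && !($1 in ign) { print $1 }
    '
}

# Exit 0 when at least one named administrator exists besides root,
# exit 1 when the built-in accounts are the only Admin principals.
has_named_admin() {
    [ -n "$(named_admins)" ]
}

# Demo on the constructed sample.
sample_permissions | named_admins
```
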

Removing local user

To remove the local user, you can use the GUI as in the screenshot below.

You can also remove local users from the command line.

Wrapping up:

That is all for this post.

!!!Cheers!!!