Exiting Lockdown Mode Can Disable “root” Access (if you remove “root” from the DCUI.Access)
I recently came across a situation where I was unable to login to my ESXi host as root. This caught me off guard as I hadn’t intentionally disabled root, but suddenly, and seemingly out of the blue, root logins stopped working.
Now just before this happened I had used the host to record a video showing how lockdown mode works. So I knew the problem must somehow be related to the host having been placed into lockdown mode and subsequently taken out. After a bit of testing, sure enough I confirmed that this was the case. The process of putting my host into lockdown mode and subsequently taking it out had unexpectedly removed the root privileges from the host. Why did this happen? Well, the answer is tied to how lockdown mode works and more specifically the role of the DCUI.Access list in allowing select users to override lockdown mode.
To learn more and to read the entire article at its source, please refer to the following page, Exiting Lockdown Mode Can Disable “root” Access (if you remove “root” from the DCUI.Access)- Uptime (VMware and Business Continuity)