If the system does not require valid root authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. Permanent not a finding - The ESXi-v5 hypervisor does not have the ability to boot into single-user mode. Maintenance mode (which does not in fact cause the machine to enter a different run-level) can be entered at the command line via "vim-cmd hostsvc/maintenance_mode_enter" when logged in as root. The "vim-cmd" command assumes that there is no VM activity. Maintenance mode is also accessible via the vSphere Client/vCenter. As root (or using a different administrator Active Directory account), from the vSphere Client/vCenter, right-click the host icon to select the host, select "Enter Maintenance Mode" from the drop-down menu, and click "Yes". Note that in all cases, root (or some "other" privileged administrator account) is required to perform this function. There are no "traditional", non-privileged user accounts on ESXi.