The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
Search the VMware Knowledge Base (KB)
View by Article ID
Investigating power on permissions for ESX virtual machines
Symptoms
Unable to power on a virtual machine.
When trying to connect to the console of a virtual machine from VirtualCenter: Error connecting: You need execute access in order to connect with the VMware console. Access denied for config file
Resolution
VirtualCenter Permissions
Permissions can be set in Virtual Center Server to control Power On operations with virtual machine.
To check if there are sufficient permissions set in VirtualCenter server:
Connect to the VirtualCenter server using Virtual Infrastructure (VI) Client.
Log in as an user with administrator privileges.
Select the Datacenter and click Permissions.
Check if the user account used to log in has at least read-only rights at this level.
Click on the ESX Server host where the virtual machine resides and click the Permissions tab.
Check if the user account used to log in has Virtual Machine user rights at that level.
ESX File System Permissions
Permissions on configuration files (.vmx ) and their affects on virtual machine functionality
Note: The following permissions have been verified on ESX Server 2.5.x. There may be slight differences with ESX 3.x.
The permissions set on the configuration file (.vmx ) of the virtual machine affect how other users on the system can start the virtual machine, shut it down, or view it in the management interface.
Read (r) Users can see the virtual machine in the management interface.
Read and Execute (r x) Users can: o Start, stop, reset, and suspend the virtual machine through the management interface, remote console, and API. o Access the configuration files of the virtual machine as read only.
Read and Write (r w) Users can: o Access the virtual machine from the management interface. o View the details and event logs. o Configure the virtual machine and save the changes through the management interface. o Connect to a virtual machine via API. o From the command-line interface, access and modify the files that make up the virtual machine.
Users cannot: o Connect to the virtual machine through the remote console. o Control the power to the virtual machine.
Read Write and Execute (r w x) Users have full access to act on and modify the virtual machine.
Note: All the directories leading to the .vmx file must have execute permissions for the particular area (user, group, or others) for the changes to be valid and for users to access it.
Note: Unix file permissions cannot cover all possibilities, such as granting only remote console access for a user. Consider using VirtualCenter for a specific and more elaborate permission set.
Known Issues
When trying to connect to the console of a virtual machine from VirtualCenter:
Error connecting: You need execute access in order to connect with the VMware console. Access denied for config file.
Resolution: Check the permissions for the virtual machines configuration file. By default a virtual machine has the following permissions set: -rw-r--r-- 1 root root 1821 Feb 28 18:13 vm1.vmx
Run 'chmod 755 /vmfs/volumes/<Datastore>/vm/vm.vmx' where <Datastore> is the volume that the virtual machine is located on. When you perform 'chmod 755 filename' command you allow everyone to read and execute the file, owner is allowed to write to the file as well. -rwxr-xr-x 1 root root 1821 Feb 28 18:13 vm1.vmx
