Guest Operations and File Permissions

There is a part of the vSphere API called Guest Operations. Not many people use it but I’ve found it useful over the years. I first discovered it while building a self provisioning portal back in 2011. At the time I was using VMware Orchestrator for the workflow engine and web views for the web interface. Think of it as vRA before vRA and using a “free” technology. I used the guest operations for installing application components on the provisioned VMs. For instance the company I was consulting at deployed a bunch of standard templates and installed a few things on them. With a checkbox the tool would run an IIS install or a SQL install. Things like that.

More recently I built a k8s provisioning tool that would build, scale up and down, and destroy k8s clusters. This is a powercli script and all it needs is a vanilla Ubuntu template and vCenter. All of the actions performed inside the guest are from the guest operations modules. So the updating, installation, and configuration of k8s is executed via an interface on the ESX host. No ssh or any other tool to access the guest. In fact no access to the guest over the network is necessary at all.

After working in python for a while and writing some flask apps I decided to “webify” this application as an exercise in learning the vSphere API and pyvmomi. During this I found the PosixFileAttibutes feature of the API. This allows for the setting of permissions when uploading a file to the guest. My use case is to upload a script and run it. This requires the executable bit to be set. Normally I would just run ‘chmod +x’ and be done with it. Instead I decided to use the file attributes to set it on upload. As per the docs default all files uploaded with 0644 (https://vdc-download.vmware.com/vmwb-repository/dcr-public/da47f910-60ac-438b-8b9b-6122f4d14524/16b7274a-bf8b-4b4c-a05e-746f2aa93c8c/doc/vim.vm.guest.FileManager.PosixFileAttributes.html). The docs say it accepts a long in chmod(2) format. When reporting the permissions back they come in stat(2) format.

So off I go on my happy way and tell the API to set 744 as the permission. I keep getting permission denied when trying to run the script. When checking the file permissions in the guest they report as 1363. That is of course not executable. Turns out after a bunch of trial and error, reading docs, and talking to people the right way is to use octal. Not use 0o744 but include the leading zero 0o0744. Hope this helps someone somewhere.