Monday 21 November 2016

VCAP-DCV :: Add/Edit Remove users on an ESXi host from CLI

The most effective way to add local users is the command line: the CLI needs 3 steps to add a user, whereas the GUI needs around 10. Real men don't click ;-)

1.) Add user kb with description admin
[root@localhost:~] esxcli system account add -d "admin" -i kb -p -c
Enter value for 'password':
Enter value for 'password-confirmation':

2.) List newly created users:
[root@localhost:~] esxcli system account list
User ID  Description                            
-------  -------------------------------------------
root     Administrator                          
dcui     DCUI User                              
vpxuser  VMware VirtualCenter administration account
kb       admin

3.) List permissions:
[root@localhost:~] esxcli system permission list
Principal  Is Group  Role   Role Description
---------  --------  -----  ------------------
dcui          false  Admin  Full access rights
root          false  Admin  Full access rights
vpxuser       false  Admin  Full access rights

4.) Assign new permissions to newly created user kb:
[root@localhost:~] esxcli system permission set -i kb -r Admin

5.) List assigned role / permissions:
[root@localhost:~] esxcli system permission list
Principal  Is Group  Role   Role Description  
---------  --------  -----  ------------------
dcui          false  Admin  Full access rights
kb            false  Admin  Full access rights
root          false  Admin  Full access rights
vpxuser       false  Admin  Full access rights

6.) Remove the account
[root@esxi01:~] esxcli system account remove -i kb


UNSUPPORTED way to add a user with root privileges from the command line:

1.) Enter into /bin directory:
[root@localhost:~] cd /bin/

2.) Create symbolic link:
[root@localhost:/bin] ln -s /usr/lib/vmware/busybox/bin/busybox adduser

3.) Create new user using adduser command:
[root@localhost:/bin] adduser -s /bin/ash -g admin -G root -h / kb
Changing password for kb

You can now choose the new password.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a 7 character long
password with characters from at least 3 of these 4 classes.
An upper case letter that begins the password and a digit that
ends it do not count towards the number of character classes used.

Alternatively, if noone else can see your terminal now, you can
pick this as your password: "cvyr!Terrpr!zbzrag".

Enter new password:
Re-type new password:

4.) List newly created user:
[root@localhost:/bin] esxcli system account list
User ID  Description                            
-------  -------------------------------------------
root     Administrator                          
dcui     DCUI User                              
vpxuser  VMware VirtualCenter administration account
kb       admin

5.) Don't assign a role to this user, or you will lose access over SSH.
[root@esxi01:/bin] esxcli system permission list
Principal  Is Group  Role   Role Description
---------  --------  -----  ------------------
dcui          false  Admin  Full access rights
root          false  Admin  Full access rights
vpxuser       false  Admin  Full access rights


We can only log in via SSH using this method; the GUI will not allow login because of permissions. Assigning the Admin role will cause SSH access to be lost as well. I am not sure whether this is a bug or a feature.
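
The unsupported method leaves an account that shows up in "esxcli system account list" but has no entry in "esxcli system permission list", while still being able to log in over SSH. The script below is an added example, not part of the original post: it compares the two listings to flag such accounts, and also reports Admin principals outside an expected list. The sample listings are constructed from the output shown above; the function names and the allow-list are assumptions.

```shell
#!/bin/sh
# Added example: audit local ESXi accounts against role assignments.
# Both listings are constructed samples in the format shown in this post.

ACCOUNTS_SAMPLE='User ID  Description
-------  -------------------------------------------
root     Administrator
dcui     DCUI User
vpxuser  VMware VirtualCenter administration account
kb       admin'

PERMS_SAMPLE='Principal  Is Group  Role   Role Description
---------  --------  -----  ------------------
dcui          false  Admin  Full access rights
root          false  Admin  Full access rights
vpxuser       false  Admin  Full access rights'

# Print the first column of an esxcli table, skipping header and ruler rows.
first_column() {
    printf '%s\n' "$1" | awk 'NR > 2 && NF > 0 { print $1 }'
}

# Accounts that exist locally but have no entry in the permission list.
# $1 = account listing, $2 = permission listing
accounts_without_role() {
    principals=$(first_column "$2")
    for a in $(first_column "$1"); do
        printf '%s\n' "$principals" | grep -qxF -- "$a" || printf '%s\n' "$a"
    done
}

# Principals holding the Admin role that are not on the expected list.
# $1 = permission listing, $2 = space-separated allow-list (assumed policy)
unexpected_admins() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 2 && $3 == "Admin" && !($1 in ok) { print $1 }'
}

# On a host, pass live output instead of the samples:
#   accounts_without_role "$(esxcli system account list)" "$(esxcli system permission list)"
echo "Accounts without a role: $(accounts_without_role "$ACCOUNTS_SAMPLE" "$PERMS_SAMPLE")"
echo "Unexpected Admin principals: $(unexpected_admins "$PERMS_SAMPLE" "root dcui vpxuser")"
```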





