The Orchestrator API provides a scripting class, Command, that runs commands in the Orchestrator server host operating system. To prevent unauthorized access to the Orchestrator server host, by default, Orchestrator applications do not have permission to run the Command class. If Orchestrator applications require permission to run commands on the host operating system, you can activate the Command scripting class.
About this task
You grant permission to use the Command class by setting a system property in the vmo.properties properties file.
- On the Orchestrator server system, navigate to the folder that contains configuration files.
If you installed Orchestrator with the vCenter Server installer
Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\conf.
If you installed the standalone version of Orchestrator
Go to install_directory\VMware\Orchestrator\app-server\conf.
If you downloaded and deployed the virtual appliance
Go to /etc/vco/app-server/.
- Open the vmo.properties configuration file in a text editor.
- Set the com.vmware.js.allow-local-process system property by adding the following line to the vmo.properties file.
- Save the vmo.properties file.
- Restart the Orchestrator server.
You granted permissions to Orchestrator applications to run local commands in the Orchestrator server host operating system.
By setting the
com.vmware.js.allow-local-process system property to
true, you allow the Command scripting class to write anywhere in the file system. This property overrides any file system access permissions that you set in the js-io-rights.conf file for the Command scripting class only. The file system access permissions that you set in the js-io-rights.conf file still apply to all scripting classes other than Command.