SCIENTIFIC-LINUX-USERS Archives

December 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Nico Kadel-Garcia <[log in to unmask]>
Reply To: Nico Kadel-Garcia <[log in to unmask]>
Date: Thu, 20 Dec 2012 07:18:03 -0500

On Wed, Dec 19, 2012 at 2:28 AM, Andras Horvath <[log in to unmask]> wrote:
> Hi,
>
> I'm using KVM like the following without having to use root access:
>
> su -
> yum install libvirt virt-manager qemu-kvm
> chkconfig libvirtd on
> # create new group for libvirt
> groupadd libvirt
> # add my user to this group
> usermod -a -G libvirt myuser
> # enable groups for libvirt instead of the default root
> # http://libvirt.org/auth.html#ACL_server_unix_perms
> nano /etc/libvirt/libvirtd.conf
>         unix_sock_group = "libvirt"
>         auth_unix_rw = "none"
> service libvirtd start
> exit

Thanks for the pointer. It's potentially useful, and considerably
simpler than some of the alternate solutions, and solves a separate
remote access problem. I also note that those are simply uncommenting
the existing lines in libvirtd.conf. And it provides better support
for remote access to libvirtd for authorized users than requiring
local sudo.

> # log out and back on
> virt-manager

I'll try this on a new KVM server I'm building before I try it in
production. Thanks for the pointer.

Unfortunately, it's a fail as far as browsing mountable backup disk
images for use by KVM in virt-manager. If the NFS system is properly
secured to allow only root user access to the top of the NFS file
system, complexities begin to occur if you're accessing it as, say,
the "libvirtd" group members. And since the gid of libvirtd may differ
among different systems, well, you can get in security management
trouble real fast unless you're quite careful or pulling stunts like
using NFSv4 with ACLs, which I really don't recommend for the faint
of heart.

That kind of thing is why I specifically asked if anyone had
virt-manager working with sudo.
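
As an added example (not part of either poster's message): a check for the two conditions this thread turns on, namely which socket settings are actually active in libvirtd.conf and whether the socket group's gid is the same on every host sharing the NFS export. The file contents, the host names `kvmhost` and `nfsserver`, and the gid values are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All file contents below are constructed samples; on a real
# host, point these functions at /etc/libvirt/libvirtd.conf and at copies of
# /etc/group collected from each machine that mounts the NFS export.

# Print the active (uncommented) value of KEY in a libvirtd.conf-style file.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1
}

# Print the numeric gid of GROUP from an /etc/group-style file.
group_gid() {  # usage: group_gid GROUP FILE
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"
}

# List "gid<TAB>file" per file; return 0 if GROUP's gid is not the same in all.
gid_mismatch() {  # usage: gid_mismatch GROUP FILE...
    g=$1; shift
    for f in "$@"; do
        gid=$(group_gid "$g" "$f")
        printf '%s\t%s\n' "${gid:-missing}" "$f"
    done | awk -F'\t' '{ seen[$1] = 1; print }
                       END { for (k in seen) n++; exit (n > 1 ? 0 : 1) }'
}

# --- constructed sample data -------------------------------------------
tmp=$(mktemp -d)
cat > "$tmp/libvirtd.conf" <<'EOF'
#unix_sock_ro_perms = "0777"
unix_sock_group = "libvirt"
#unix_sock_rw_perms = "0770"
auth_unix_rw = "none"
EOF
printf 'root:x:0:\nlibvirt:x:501:myuser\n'  > "$tmp/group.kvmhost"
printf 'root:x:0:\nlibvirt:x:1003:myuser\n' > "$tmp/group.nfsserver"

# --- report ------------------------------------------------------------
sock_group=$(conf_value "$tmp/libvirtd.conf" unix_sock_group)
sock_auth=$(conf_value "$tmp/libvirtd.conf" auth_unix_rw)
echo "unix_sock_group=${sock_group:-<unset>} auth_unix_rw=${sock_auth:-<unset>}"
if gid_mismatch "$sock_group" "$tmp/group.kvmhost" "$tmp/group.nfsserver"; then
    echo "WARNING: gid of '$sock_group' differs; AUTH_SYS NFS checks the number, not the name"
fi
```

A commented-out line such as `#unix_sock_rw_perms` is reported as unset, so the output shows only what libvirtd.conf actually overrides.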
