SCIENTIFIC-LINUX-USERS Archives

December 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: Andras Horvath <[log in to unmask]>
Reply To: Andras Horvath <[log in to unmask]>
Date: Thu, 20 Dec 2012 14:02:29 +0100

I agree this is good only for a simple local host solution.


On Thu, 20 Dec 2012 07:18:03 -0500
Nico Kadel-Garcia <[log in to unmask]> wrote:

> On Wed, Dec 19, 2012 at 2:28 AM, Andras Horvath <[log in to unmask]>
> wrote:
> > Hi,
> >
> > I'm using KVM like the following without having to use root access:
> >
> > su -
> > yum install libvirt virt-manager qemu-kvm
> > chkconfig libvirtd on
> > # create new group for libvirt
> > groupadd libvirt
> > # add my user to this group
> > usermod -a -G libvirt myuser
> > # enable groups for libvirt instead of the default root
> > # http://libvirt.org/auth.html#ACL_server_unix_perms
> > nano /etc/libvirt/libvirtd.conf
> >         unix_sock_group = "libvirt"
> >         auth_unix_rw = "none"
> > service libvirtd start
> > exit
> 
> Thanks for the pointer. It's potentially useful, and considerably
> simpler than some of the alternate solutions, and solves a separate
> remote access problem. I also note that those are simply uncommenting
> the existing lines in libvirtd.conf. And it provides better support
> for remote access to libvirtd for authorized users than requiring
> local sudo.
> 
> > # log out and back on
> > virt-manager
> 
> I'll try this on a new KVM server I'm building before I try it in
> production. Thanks for the pointer.
> 
> Unfortunately, it's a fail as far as browsing mountable backup disk
> images for use by KVM in virt-manager. If the NFS system is properly
> secured to allow only root user access to the top of the NFS file
> system, complexities begin to occur if you're accessing it as, say,
> the "libvirtd" group members. And since the gid of libvirtd may differ
> among different systems, well, you can get in security management
> trouble real fast unless you're quite careful or pulling stunts like
> using NFSv4 with ACLs, which I really don't recommend for the faint
> of heart.
> 
> That kind of thing is why I specifically asked if anyone had
> virt-manager working with sudo.
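
A check for the configuration described in the thread, as an added example that is not part of the original messages: it reads `unix_sock_group`, `unix_sock_rw_perms` and `auth_unix_rw` from a libvirtd.conf and flags combinations where the socket's file permissions are the only access control. The function names and the sample file are constructed for illustration; `unix_sock_rw_perms` is a libvirtd.conf key the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the thread): audit the libvirtd.conf keys it edits.
# Assumes values are written as double-quoted strings, as in the stock file.

# conf_value FILE KEY -> last uncommented value of KEY (empty if unset)
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# audit_libvirtd_conf FILE -> prints findings, returns 1 if any WARN was raised
audit_libvirtd_conf() {
    a_group=$(conf_value "$1" unix_sock_group)
    a_perms=$(conf_value "$1" unix_sock_rw_perms)
    a_auth=$(conf_value "$1" auth_unix_rw)
    a_warn=0
    echo "unix_sock_group=${a_group:-<unset>} unix_sock_rw_perms=${a_perms:-<unset>} auth_unix_rw=${a_auth:-<unset>}"

    if [ "$a_auth" = "none" ]; then
        # With auth "none", the socket's owner/group/mode is the only access control.
        if [ -z "$a_group" ]; then
            echo "WARN: auth_unix_rw is none but unix_sock_group is not set"; a_warn=1
        fi
        case "$a_perms" in
            "") echo "WARN: unix_sock_rw_perms not set; effective mode is the build default, check the socket"; a_warn=1 ;;
            *[2367]) echo "WARN: unix_sock_rw_perms=$a_perms lets any local user write to the socket"; a_warn=1 ;;
        esac
    fi

    # Everyone listed here can manage all guests through the read-write socket.
    if [ -n "$a_group" ] && command -v getent >/dev/null 2>&1; then
        a_members=$(getent group "$a_group" | cut -d: -f4)
        echo "INFO: members of '$a_group': ${a_members:-<none or group missing>}"
    fi
    return "$a_warn"
}

# Constructed sample: the two settings from the thread plus an explicit mode.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#unix_sock_group = "libvirt"
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
auth_unix_rw = "none"
EOF
audit_libvirtd_conf "$sample" || true
rm -f "$sample"
```

Run it against the real `/etc/libvirt/libvirtd.conf` and compare the result with the owner, group and mode of the live socket file.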
