Subject: | |
From: | |
Reply To: | |
Date: | Thu, 20 Dec 2012 14:02:29 +0100 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
I agree this is good only for a simple local host solution.
On Thu, 20 Dec 2012 07:18:03 -0500
Nico Kadel-Garcia <[log in to unmask]> wrote:
> On Wed, Dec 19, 2012 at 2:28 AM, Andras Horvath <[log in to unmask]>
> wrote:
> > Hi,
> >
> > I'm using KVM like the following without having to use root access:
> >
> > su -
> > yum install libvirt virt-manager qemu-kvm
> > chkconfig libvirtd on
> > # create new group for libvirt
> > groupadd libvirt
> > # add my user to this group
> > usermod -G myuser libvirt
> > # enable groups for libvirt instead of the default root
> > # http://libvirt.org/auth.html#ACL_server_unix_perms
> > nano /etc/libvirt/libvirtd.conf
> > unix_sock_group = "libvirt"
> > auth_unix_rw = "none"
> > service libvirtd start
> > exit
>
> Thanks for the pointer. It's potentially useful, and considerably
> simpler than some of the alternate solutions, and solves a separate
> remote access problem. I also note that those are simply uncommenting
> the existing lines in libvirtd.conf. And it provides better support
> for remote access to libvirtd for authorized users than requiring
> local sudo.
>
> > # log out and back on
> > virt-manager
>
> I''ll try this on a new KVM server I'm building before I try it in
> production. Thanks for the pointer.
>
> Unfortunately, it's a fail as far as browsing mountable backup disk
> images for use by KVM in virt-manager. If the NFS system is properly
> secured to allow only root user access to the top of the NFS file
> system, complexities begin to occur if you're accessing it as, say,
> the "libvirtd" group members. And since the gid of libvirtd may differ
> among different systems, well, you can get in security management
> trouble real fast unless you're quite careful or pulling stunts like
> using NFSv4 with ACL's, which I really don't recommend for the faint
> of heart.
>
> That kind of thing is why I specifically asked if anyone had
> virt-manager working with sudo.
|
|
|