I agree this is good only for a simple local host solution. On Thu, 20 Dec 2012 07:18:03 -0500 Nico Kadel-Garcia <[log in to unmask]> wrote: > On Wed, Dec 19, 2012 at 2:28 AM, Andras Horvath <[log in to unmask]> > wrote: > > Hi, > > > > I'm using KVM like the following without having to use root access: > > > > su - > > yum install libvirt virt-manager qemu-kvm > > chkconfig libvirtd on > > # create new group for libvirt > > groupadd libvirt > > # add my user to this group > > usermod -G myuser libvirt > > # enable groups for libvirt instead of the default root > > # http://libvirt.org/auth.html#ACL_server_unix_perms > > nano /etc/libvirt/libvirtd.conf > > unix_sock_group = "libvirt" > > auth_unix_rw = "none" > > service libvirtd start > > exit > > Thanks for the pointer. It's potentially useful, and considerably > simpler than some of the alternate solutions, and solves a separate > remote access problem. I also note that those are simply uncommenting > the existing lines in libvirtd.conf. And it provides better support > for remote access to libvirtd for authorized users than requiring > local sudo. > > > # log out and back on > > virt-manager > > I''ll try this on a new KVM server I'm building before I try it in > production. Thanks for the pointer. > > Unfortunately, it's a fail as far as browsing mountable backup disk > images for use by KVM in virt-manager. If the NFS system is properly > secured to allow only root user access to the top of the NFS file > system, complexities begin to occur if you're accessing it as, say, > the "libvirtd" group members. And since the gid of libvirtd may differ > among different systems, well, you can get in security management > trouble real fast unless you're quite careful or pulling stunts like > using NFSv4 with ACL's, which I really don't recommend for the faint > of heart. > > That kind of thing is why I specifically asked if anyone had > virt-manager working with sudo.