{"id":1024,"date":"2016-08-25T15:27:29","date_gmt":"2016-08-25T12:27:29","guid":{"rendered":"https:\/\/computingforgeeks.com\/?p=1024"},"modified":"2024-07-08T13:24:32","modified_gmt":"2024-07-08T10:24:32","slug":"use-virt-manager-as-non-root-user","status":"publish","type":"post","link":"https:\/\/computingforgeeks.com\/use-virt-manager-as-non-root-user\/","title":{"rendered":"Use virt-manager as a non-root user on Linux"},"content":{"rendered":"\n<p>The priority of KVM is security and by default it limits the management access to root users. If you want to run <code>virt-manager<\/code> without being asked for sudo password, then this article is for you. We will be using a group with correct permissions to manage KVM, this enables you to grant multiple users in the system permissions to administer KVM hypervisor.<\/p>\n\n\n\n<p>In our previous guide we covered in detail the procedure of installing and configuring KVM hypervisor. With KVM installed and working, follow the steps below if you want to run Virt Manager without <code>sudo<\/code> permissions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1) Create unix group for KVM<\/h2>\n\n\n\n<p>First check if group already exist, if not create it with commands below.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo getent group | grep libvirt<\/code><\/pre>\n\n\n\n<p>Some distributions  may be using libvirtd.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo getent group | grep <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-cyan-blue-color\">libvirtd<\/mark><\/code><\/pre>\n\n\n\n<p>If the group does&#8217;t exist add using <code>groupadd<\/code> command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo groupadd --system libvirt<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">2) Add users to the libvirt group<\/h2>\n\n\n\n<p>Add user to the group using the syntax.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo usermod -a -G libvirt &lt;username>\nnewgrp libvirt<\/code><\/pre>\n\n\n\n<p>Example of adding the current user account you are logged in as.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo usermod -a -G libvirt $(whoami)<br>newgrp libvirt<\/code><\/pre>\n\n\n\n<p>Confirm that the user has been added to the group.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\"> id cloudspinx<\/mark>\nuid=1001(cloudspinx) gid=1001(cloudspinx) groups=1001(cloudspinx),986(libvirt)<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">3) Edit <span id=\"2._Update_the_libvirt_configuration\" class=\"mw-headline\">libvirtd configuration file<\/span><\/h2>\n\n\n\n<p>Open Libvirtd configuration file<em>\u00a0\/etc\/libvirt\/libvirtd.conf<\/em>\u00a0for editing.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Using vim\nsudo vim \/etc\/libvirt\/libvirtd.conf\n\n# Using nano\nsudo nano \/etc\/libvirt\/libvirtd.conf<\/code><\/pre>\n\n\n\n<p>Find the  <code>unix_sock_group<\/code> line and uncomment to define domain socket group ownership for libvirtd, (around line\u00a0<strong>85<\/strong>)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unix_sock_group = \"libvirt\"<\/code><\/pre>\n\n\n\n<p>Also assign UNIX socket permissions for the socket &#8211; we are setting R\/W (around line\u00a0<strong>102<\/strong>)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>unix_sock_rw_perms = \"0770\"<\/code><\/pre>\n\n\n\n<p>When done with the changes restart <code>libvirtd<\/code> service.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl restart libvirtd.service<\/code><\/pre>\n\n\n\n<p>Confirm service status:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-pale-pink-color\">systemctl status libvirtd.service<\/mark>\n<mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-vivid-green-cyan-color\">\u25cf<\/mark> libvirtd.service - Virtualization daemon\n   Loaded: loaded (\/usr\/lib\/systemd\/system\/libvirtd.service; enabled; vendor preset: enabled)\n   Active: <mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-light-green-cyan-color\">active (running) <\/mark>since Mon 2024-07-08 13:02:26 EAT; 19min ago\n     Docs: man:libvirtd(8)\n           https:&#47;&#47;libvirt.org\n Main PID: 104329 (libvirtd)\n    Tasks: 27 (limit: 32768)\n   Memory: 94.5M\n   CGroup: \/system.slice\/libvirtd.service\n           \u251c\u2500  1737 \/usr\/sbin\/dnsmasq --conf-file=\/var\/lib\/libvirt\/dnsmasq\/crc.conf --leasefile-ro --dhcp-script=\/usr\/libexec\/libvirt_leaseshelper\n           \u251c\u2500  1739 \/usr\/sbin\/dnsmasq --conf-file=\/var\/lib\/libvirt\/dnsmasq\/crc.conf --leasefile-ro --dhcp-script=\/usr\/libexec\/libvirt_leaseshelper\n           \u251c\u2500  1815 \/usr\/sbin\/dnsmasq --conf-file=\/var\/lib\/libvirt\/dnsmasq\/default.conf --leasefile-ro --dhcp-script=\/usr\/libexec\/libvirt_leaseshelper\n           \u251c\u2500  1816 \/usr\/sbin\/dnsmasq --conf-file=\/var\/lib\/libvirt\/dnsmasq\/default.conf --leasefile-ro --dhcp-script=\/usr\/libexec\/libvirt_leaseshelper\n           \u2514\u2500104329 \/usr\/sbin\/libvirtd --timeout 120\n\nJul 08 13:02:26 kvm01.home.cloudlabske.io systemd&#91;1]: Starting Virtualization daemon...\nJul 08 13:02:26 kvm01.home.cloudlabske.io systemd&#91;1]: Started Virtualization daemon.\nJul 08 13:02:26 kvm01.home.cloudlabske.io dnsmasq&#91;1815]: read \/etc\/hosts - 2 addresses\nJul 08 13:02:26 kvm01.home.cloudlabske.io dnsmasq&#91;1737]: read \/etc\/hosts - 2 addresses\nJul 08 13:02:26 kvm01.home.cloudlabske.io dnsmasq&#91;1737]: read \/var\/lib\/libvirt\/dnsmasq\/crc.addnhosts - 0 addresses\nJul 08 13:02:26 kvm01.home.cloudlabske.io dnsmasq&#91;1815]: read \/var\/lib\/libvirt\/dnsmasq\/default.addnhosts - 0 addresses\nJul 08 13:02:26 kvm01.home.cloudlabske.io dnsmasq-dhcp&#91;1815]: read \/var\/lib\/libvirt\/dnsmasq\/default.hostsfile\nJul 08 13:02:26 kvm01.home.cloudlabske.io dnsmasq-dhcp&#91;1737]: read \/var\/lib\/libvirt\/dnsmasq\/crc.hostsfile<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Launch virt-manager and test<\/h2>\n\n\n\n<p>Open your terminal and launch Virt Manager. You can also use GUI launcher.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>virt-manager<\/code><\/pre>\n\n\n\n<p>You should be able to connect without any permissions being asked.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"453\" src=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-1024x453.png\" alt=\"\" class=\"wp-image-16094\" title=\"\" srcset=\"https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-1024x453.png 1024w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-300x133.png 300w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-768x340.png 768w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-696x308.png 696w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-1068x472.png 1068w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user-949x420.png 949w, https:\/\/computingforgeeks.com\/wp-content\/uploads\/2019\/04\/use-virt-manager-non-root-user.png 1788w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>That&#8217;s all on how to allow non-root users to manage VMs on KVM using <code>virsh<\/code>or <code>virt-manager<\/code> without sudo permissions.<\/p>\n\n\n\n<p>Check more articles available on KVM.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a aria-label=\" (opens in a new tab)\" href=\"https:\/\/computingforgeeks.com\/using-vagrant-with-libvirt-on-linux\/\" target=\"_blank\" rel=\"noreferrer noopener\">Using Vagrant with Libvirt on Linux<\/a>.<\/li>\n\n\n\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/computingforgeeks.com\/how-to-provision-vms-on-kvm-with-terraform\/\" target=\"_blank\">How to Provision VMs on KVM with Terraform<\/a><\/li>\n\n\n\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/computingforgeeks.com\/how-to-create-centos-fedora-rhel-vm-templates-on-kvm\/\" target=\"_blank\">How to Create CentOS \/ Fedora \/ RHEL VM Templates on KVM<\/a><\/li>\n\n\n\n<li><a rel=\"noreferrer noopener\" href=\"https:\/\/computingforgeeks.com\/rhel-centos-kickstart-automated-installation-kvm-virt-install\/\" target=\"_blank\">RHEL and CentOS Kickstart on KVM Automated Installation With virt-install<\/a><\/li>\n<\/ul>\n\n\n\n<p>Further reading:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.amazon.com\/gp\/product\/1784399051\/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=9325&amp;creativeASIN=1784399051&amp;linkCode=as2&amp;tag=29834000-20&amp;linkId=e4e16b6c501b69634d21b5ea568be048\" target=\"_blank\" rel=\"noreferrer noopener\">Mastering KVM Virtualization<\/a><\/li>\n\n\n\n<li><a target=\"_blank\" href=\"https:\/\/www.amazon.com\/gp\/product\/1119267722\/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=9325&amp;creativeASIN=1119267722&amp;linkCode=as2&amp;tag=29834000-20&amp;linkId=8d888087d6c8b5584d3b65cb91615adf\" rel=\"noreferrer noopener\">Virtualization Essentials, 2nd Edition<\/a><\/li>\n<\/ul>\n\n\n\n<p><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The priority of KVM is security and by default it limits the management access to root users. If you want to run virt-manager without being asked for sudo password, then this article is for you. We will be using a group with correct permissions to manage KVM, this enables you to grant multiple users in &#8230; <a title=\"Use virt-manager as a non-root user on Linux\" class=\"read-more\" href=\"https:\/\/computingforgeeks.com\/use-virt-manager-as-non-root-user\/\" aria-label=\"Read more about Use virt-manager as a non-root user on Linux\">Read more<\/a><\/p>\n","protected":false},"author":3,"featured_media":1029,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[86,12,17,26,299,43,50,55,81],"tags":[126,128,127],"class_list":["post-1024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-virtualization","category-arch-linux","category-centos","category-debian","category-how-to","category-kali-linux","category-linux-tutorials","category-networking","category-ubuntu","tag-kvm","tag-qemu","tag-virt-manager"],"_links":{"self":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/1024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/comments?post=1024"}],"version-history":[{"count":0,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/posts\/1024\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media\/1029"}],"wp:attachment":[{"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/media?parent=1024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/categories?post=1024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/computingforgeeks.com\/wp-json\/wp\/v2\/tags?post=1024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}