CentOS 7 Virsh - Allow Non Sudo Users to Interface with QEMU / KVM / Virtual Machines

Question

Is there a way to allow non sudo users access to KVM QEMU virtual machines in CentOS 7? I want to allow a non-root user to manage KVM guest virtual machines without having sudo access. Mainly, I'd like the user to be able to run virsh commands such as:

virsh list --all
virsh start UUID

I tried adding the user to the libvirt group, but that didn't work. I checked policy kit rules in /etc/polkit-1/rules.d, and I followed these directions as well:

https://goldmann.pl/blog/2012/12/03/con ... t-manager/ https://major.io/2015/04/11/run-virsh-a ... ular-user/

Neither of these worked. Is there a way to do this, and if so, how?

You do realize that you can and actually should configure `sudo` to run only a specific set of commands? — HBruijn, May 20 '16 at 05:10
http://serverfault.com/a/739614/126632 Non-root users always have to specify the connection URI, even if granted access in PolicyKit. — Michael Hampton, May 20 '16 at 09:58

score 6 · Accepted Answer · answered May 20 '16 at 05:56

6

Hidden in the comments at https://major.io/2015/04/11/run-virsh-a is

export LIBVIRT_DEFAULT_URI=qemu:///system

This works for me but may give more access than you want.

answered May 20 '16 at 05:56

user9517

115,471
20
215
297

Link is broken... – larsks Nov 27 '19 at 20:50

CentOS 7 Virsh - Allow Non Sudo Users to Interface with QEMU / KVM / Virtual Machines

1 Answers1