Unix & Linux Asked by Mikhail Morfikov on November 14, 2021
I wanted to play a little bit with KVM on my Debian, and I installed the needed tools. The three groups showed up in the /etc/group file: kvm , libvirt and libvirt-qemu . What’s the purpose of each of these groups?
For now I know that the libvirt group allows a regular user (via policykit) to connect to the libvirtd daemon without asking for root password, and hence it allows to create/remove/configure/manage of virtual machines.
I also know, that the /dev/kvm device has set the kvm group. What can a user do when he has read/write permissions to this device? Should I add a regular user to this group? If so, why?
I don’t really know what’s the purpose of the libvirt-qemu group. It looks like it’s redundant, but many HowTos on the net suggest to add a regular user also to this group. Is this required?
See /usr/share/doc/libvirt-daemon/README.Debian: the libvirt group controls access to libvirt, through PolicyKit (as you determined), and libvirt-qemu is the user and group used to run system QEMU/KVM processes. You needn’t care about the latter, it’s an implementation detail, not a group end users need to be added to.
Membership of the kvm group grants access to /dev/kvm, which is necessary to run VMs using KVM. This is controlled using uaccess now, so the currently-active user on the console gets access automatically. libvirt-qemu’s primary group is kvm, which is how libvirt-managed VMs get access to KVM.
Answered by Stephen Kitt on November 14, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP