Results 1 to 3 of 3

Thread: Group for XEN

  1. #1
    Join Date
    Aug 2011
    Location
    Iowa, USA
    Posts
    18

    Default Group for XEN

    Using OpenSuse 13.1 (Bottle) and able to have running virtual machines using hypervisor and XEN. However I have to either login as root or enter root password to access them. I would like to be able to do this without the need for a root password. Virtual machine manager will open without the root password, however, once you double click on the 'localhost(XEN)-not connected' a system policy requesting root password popsup. enter root gives access, but I want specific users to have access without putting in a root password. What group do they need to be a member of?

  2. #2
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,295
    Blog Entries
    2

    Default Re: Group for XEN

    I don't have the particulars off the top of my head but aside from installing a more "enterprise" virtual machine manager(admittedly vm manager can be plenty sufficient if configured properly)

    - By default, openSUSE installs everything assuming a personal machine. That means that the default install assumes you are the only User that requires root access to apps that require that level of permissions.

    - You can address this by installing the "wheel" group which is not implemented by default on openSUSE (maybe this would be a good feature request?). You should be able to find numerous guides on how to create and install this group since it's pretty common.

    - Following your guide, it should include instructions how to create a User to add to the Xen and wheel groups.

    HTH,
    If someone has a guide specific to openSUSE they are encouraged to post, but it's likely almost any guide should be sufficient.

    TSU

  3. #3

    Default Re: Group for XEN

    You can use Policy Kit (polkit) to allow non-root users access without entering a password. Seems polkit gets a yearly rewrite whether needed or not, so correct configuration depends on the version you are using. For openSUSE13.1, which has polkit version 0.112, rules are written in javascript and placed in /etc/polkit-1/rules.d. E.g., if I want to give user 'skifaster' access to libvirt's non-readonly APIs, a /etc/polkit-1/rules.d/80-libvirt-manage.rules with the following will suffice

    polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" && subject.local &&
    subject.active && subject.user == "skifaster") {
    return polkit.Result.YES;
    }
    });

    Or maybe you just want to ensure 'skifaster' is a member of group 'libvirt'

    polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" && subject.local &&
    subject.active && subject.isInGroup("libvirt")) {
    return polkit.Result.YES;
    }
    });

    See this blog post for another example

    http://goldmann.pl/blog/2012/12/03/c...-virt-manager/

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •