Group for XEN

Using OpenSuse 13.1 (Bottle) and able to have running virtual machines using hypervisor and XEN. However I have to either login as root or enter root password to access them. I would like to be able to do this without the need for a root password. Virtual machine manager will open without the root password, however, once you double click on the ‘localhost(XEN)-not connected’ a system policy requesting root password popsup. enter root gives access, but I want specific users to have access without putting in a root password. What group do they need to be a member of?

I don’t have the particulars off the top of my head but aside from installing a more “enterprise” virtual machine manager(admittedly vm manager can be plenty sufficient if configured properly)

  • By default, openSUSE installs everything assuming a personal machine. That means that the default install assumes you are the only User that requires root access to apps that require that level of permissions.

  • You can address this by installing the “wheel” group which is not implemented by default on openSUSE (maybe this would be a good feature request?). You should be able to find numerous guides on how to create and install this group since it’s pretty common.

  • Following your guide, it should include instructions how to create a User to add to the Xen and wheel groups.

HTH,
If someone has a guide specific to openSUSE they are encouraged to post, but it’s likely almost any guide should be sufficient.

TSU

You can use Policy Kit (polkit) to allow non-root users access without entering a password. Seems polkit gets a yearly rewrite whether needed or not, so correct configuration depends on the version you are using. For openSUSE13.1, which has polkit version 0.112, rules are written in javascript and placed in /etc/polkit-1/rules.d. E.g., if I want to give user ‘skifaster’ access to libvirt’s non-readonly APIs, a /etc/polkit-1/rules.d/80-libvirt-manage.rules with the following will suffice

polkit.addRule(function(action, subject) {
if (action.id == “org.libvirt.unix.manage” && subject.local &&
subject.active && subject.user == “skifaster”) {
return polkit.Result.YES;
}
});

Or maybe you just want to ensure ‘skifaster’ is a member of group ‘libvirt’

polkit.addRule(function(action, subject) {
if (action.id == “org.libvirt.unix.manage” && subject.local &&
subject.active && subject.isInGroup(“libvirt”)) {
return polkit.Result.YES;
}
});

See this blog post for another example

http://goldmann.pl/blog/2012/12/03/configuring-polkit-in-fedora-18-to-access-virt-manager/