The Daily Admin

On a RHEL5, RHEL6 and any other RHEL variant, you might run into the annoying password prompt when you try to run virt-manager as a normal user.  Normally, you will see this prompt pop up when you are logged into the Desktop Environment as a normal user, and then try to launch virt-manager from your "Applications --> System Tools" menu, or you might even see it when you run virt-manager from the shell as a normal user.

This is done for good reason, system security.  But, when you are the primary workstation user, and you use Virtual Machines on a daily basis, you are like me and probably getting annoyed by entering your sudo or root password when you launch the virt-manager.  HAVE NO FEAR! There is a perfectly acceptable way of managing this.  We are going to take advantage of PolicyKit to manage what the normal user can run. In this case, we are going to create a policy that allows any user that is a member of the "virtman" group the ability to launch virt-manager without being prompted for authentication.  This makes is easy to give this ability to other users of the machine by simply adding them to the virtman group that we will create.

Here we go.  Follow these steps to get it setup:

1. Create the virtman group on your machine.   You can do this however your comfortable, or you can simply use the command below: (Notice we made the group a system group for cleanliness)

sudo groupadd -r virtman

 

2. Add whatever users you want to this system group: (in this example we are adding the user JohnDoe to the group virtman)

sudo usermod -a -G virtman JohnDoe

 

3. Now, we need to create our PolicyKit policy that will allow the users of virtman to run virt-manager.  You can do this in a number of ways. The contents of the file will need to include the following:

[Allow group virtman libvirt management permissions]
Identity=unix-group:virtman
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

Paste the above lines into a newly created file at this path:  /etc/polkit-1/localauthority/50-local.d/50-org.virtman-libvirt-local-access.pkla

You can use which ever editor you prefer, just so long as you place the file in the path I noted above, and that it has the contents as described.

But, if your like me, feel free to wget a copy of the file that I have hosted on this server.  You can grab the file, and place it in the right directory using this command:

sudo wget -P /etc/polkit-1/localauthority/50-local.d/50-org.virtman-libvirt-local-access.pkla http://www.gigahype.com/wp-content/uploads/2012/12/50-org.virtman-libvirt-local-access.pkla

 

Voila! you are finished!  You can test the results by simply starting virt-manager from your applications menu or the command line and it should no longer prompt for password for anyone that is a member of the virtman group!

This entry was posted on Monday, December 17th, 2012 at 10:23 am by CubedRoot and is filed under Fedora, Linux, Redhat. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.