Running VirtualBox as non-root user
decke at freebsd.org
Wed Sep 29 18:17:35 UTC 2021
On Wed, Sep 29, 2021 at 8:01 PM Mario Lobo <lobo at bsd.com.br> wrote:
> Here is what I've done so far:
> - Created user vbox and put it in vboxuser group
> - Went as far as chown -R vbox:vboxuser /usr/local/lib/virtualbox
> - Executables are with the SUiD bit set
> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxSDL
> -r-s--x--- 1 vbox vboxusers 16064 Sep 21 22:18 VBoxNetAdpCtl
> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxNetDHCP
> -r-s--x--- 1 vbox vboxusers 32064 Sep 21 22:18 VBoxNetNAT
> -r-s--s--- 1 vbox vboxusers 32352 Sep 22 17:55 VirtualBoxVM
> - Imported a test VM
> - Ran the VM as root to make sure it's working
> - started VirtualBox as user vbox, and it starts fine
> VirtualBox GUI starts fine as user vbox but when I try to start the test VM
> from it, I get:
> Effective UID is not root (euid=1001 egid=920 uid=1001 gid=1001) (rc=-10)
> where: SUPR3HardenedMain what: 2 VERR_PERMISSION_DENIED (-10) - Permission
> Starting it from VirtualBoxVM --startvm test issues the same error:
> VirtualBoxVM: Error -10 in SUPR3HardenedMain!
> VirtualBoxVM: Effective UID is not root (euid=1001 egid=920 uid=1001
> where: SUPR3HardenedMain
> what: 2
> VERR_PERMISSION_DENIED (-10) - Permission denied.
> Any pointer for anything else I should be doing or is missing?
Puh it's been a long time for me but from what I read there are two things that
sound problematic to me.
1) vbox uses something that they call "hardening" which does some checks
in addition to the suid/sgid bits. Changing permissions and/or
user/group is asking
for trouble! I'd recommend to reinstall the vbox package in that case. The
instructions in the handbook should be enough.
pw groupmod vboxusers -m yourusername
2) Starting a VM as root is definitely not a good idea either. The
problem is that
vbox it will create some temporary files/directories as root somewhere
or was it /var? When the VM is stopped the directories are left and you won't be
able to write to them as user afterwards. If the VM is not running it
should be okay
to just delete them but please have a look at the content first to make sure.
More information about the freebsd-questions