#7198 closed defect (invalid)
sharing guest impossible because xml settings files written in mode 600 instead of 660
Reported by: | jeff stern | Owned by: | |
---|---|---|---|
Component: | other | Version: | VirtualBox 3.2.6 |
Keywords: | Cc: | ||
Guest type: | Windows | Host type: | Linux |
Description
(this is with linux/ubuntu host and windowsxp guest, with vbox 3.2.6 -- not the OSE, but the linux host downloaded from http://www.virtualbox.org/wiki/Linux_Downloads for ubuntu 10.04 AMD64.)
i noticed that Virtualbox writes its .xml config files in the ~/.VirtualBox
and ~/.VirtualBox/Machines/MACHINE_NAME
directories in mode 600, which makes it impossible to share a virtualbox guest between users on the same system. they should be written in mode '660'.
furthermore, if i as root correct the permissions to be 660 on the 2 relevant .xml files contained in these directories, then the next time VirtualBox is run for this guest, these 2 .xml files will unfortunately have their permissions re-set to 600. :o(
this shared setup worked successfully for me using the 3.1.6 OSE version from ubuntu -- i did not have this problem with the OSE. now that i've upgraded (in an attempt to get access to my USB devices), i can't share the guest between the 2 users.
my use case:
if i have two users on my home box: usera and userb. both users belong to group 'users'. i have /home/usera/.VirtualBox
and /home/userb/.VirtualBox
both sym-linked to /home/virtualbox/.VirtualBox
, and /home/virtualbox/.VirtualBox
is group-owned by 'users' and has the setgid bit set so it is in mode 2775. thus, every file and sub-directory created under it should belong to group 'users' (and this is true). my vbox name is 'WindowsXP'.
the problem is that if usera uses the system, then, in the /home/virtualbox/.VirtualBox
directory, the VirtualBox.xml
file will have its permissions set to 600 when they should be 660:
-rw------- 1 usera users 2261 2010-07-18 11:58 VirtualBox.xml
now only usera can use the system.
now if usera shuts down the guest and logs off and userb signs in and tries to access the guest, userb will get a dialogbox popping up saying:
VirtualBox - Critical Error ------------------------------- Failed to create the VirtualBox COM object. The application will now terminate. Runtime error opening '/home/userb/.VirtualBox/VirtualBox.xml' for reading: -38 (Access denied.). /home/vbox/vbox-3.2.6/src/VBox/Main/VirtualBoxImpl.cpp[535] (nsresult VirtualBox::init()).
and in the Details of that dialog box, it says:
Result Code: NS_ERROR_FAILURE (0x80004005) Component: VirtualBox Interface: IVirtualBox {3f36e024-7fed-4f20-a02c-9158a82b44e6}
(note that /home/userb/.VirtualBox/VirtualBox.xml
is really /home/virtualbox/.VirtualBox/VirtualBox.xml
)
now if i try to reset the file permissions on the /home/virtualbox/.VirtualBox/VirtualBox.xml
file:
$ chmod 660 /home/virtualbox/.VirtualBox/VirtualBox.xml
it makes that error go away, but now userb will get another, similar message, about the /home/userb/.VirtualBox/Machines/WindowsXP/WindowsXP.xml
file (which of course is really /home/virtualbox/.VirtualBox/Machines/WindowsXP/WindowsXP.xml
).
so i reset that 2nd XML file to mode 660 as well:
$ chmod 660 /home/virtualbox/.VirtualBox/Machines/WindowsXP/WindowsXP.xml
so that that file (which also belongs to 'users' group already) is accessible, now userb can fire up the WindowsXP guest. (assuming of course, that usera has shut down the guest from their side first).
however, now the reverse is true: after userb has used the guest, VirtualBox has rewritten those files and reset their mode to 600 so that they are not accessible by the group, only owner. so now usera cannot use the system. these files should be preserved in mode 660.
please let me know if there is a simple config to override this, or if i'm missing something super-obvious (most usually am :-) ) or if you need any more information, and thanks.
Change History (6)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
Resolution: | → wontfix |
---|---|
Status: | new → closed |
Actually I don't see the point in sharing .xml files between different users. You can share the hard disk but the .xml files are owned by exactly one user.
comment:3 by , 14 years ago
well, i guess the point is ease and accuracy of administration. settings only have to be managed once, instead of in duplicate/parallel.
however, if what you say is true -- that it is possible to share the hard disk using parallel/duplicate settings -- then i suppose my heading is not completely accurate. it's not impossible to share a guest -- only inconvenient from an administration standpoint.
comment:4 by , 14 years ago
Resolution: | wontfix |
---|---|
Status: | closed → reopened |
I’m sorry, I really can’t see why I should not be allowed to have another user account share my virtual machines. I have VBOX_USER_HOME=/home/shared/vms in the host’s environment, so that every user who belongs to vboxusers can use any of the guest machines.
Theoretically.
In practice, since one or two versions ago (at least 3.2.6), this is no longer possible, since the permissions get completely disregarded and overwritten by VirtualBox.
I’m also quite sure that any EAs or ACLs or SELinux context for the files is lost, and I really don’t see a reason for this. In my use case, the previous behavior to just replace the contents of the .xml file was correct, not the current one.
comment:5 by , 13 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
We don't support sharing .xml files between users and we will not implement that, period. The .xml settings are per user, and every else would be a security issue on many systems.
comment:6 by , 13 years ago
i'm leaving this a closed, but just for the record, here's another guy looking for this sharing ability.
actually, i just figured out a workaround for now:
i add a custom application launcher to each user's gnome panel, which points to a bash script i made,
/home/virtualbox/runvbox.sh
the script looks like this: