On Mon, 01 Sep 2014 11:03:24 +0200, you wrote: > >In the default deployment of a VDI, the VDI (or equivalent file) is >readable and writeable by the UNIX user running VirtualBox > >For people using iSCSI, the iSCSI credentials are stored in a >configuration file that is readable by the UNIX user who runs VirtualBox > >In both cases, this means that the UNIX user can modify the raw VDI >filesystem contents, possibly modifying scripts that would run with root >privileges or just breaking the VDI in some way that requires extra >support effort. > >Is there any way to have the VDI file or settings owned by a system user >(e.g. a user called vbox) such that they would only be accessible to the >hypervisor and the user can only interact with the VM through the GUI?
I can think of two ways. In both, the VBox processes would run as some other user, protected against interference by the end user. 1. Have the VM started by the host. Connect to the VM using RDP or VNC. 2. Use sudo to give the end user access to just the commands and subcommands he needs to stop/start his VM. Disclaimer: I didn't try any of these myself. -- Groet, Kees Nuyt ------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/ _______________________________________________ VBox-users-community mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/vbox-users-community _______________________________________________ Unsubscribe: mailto:[email protected]?subject=unsubscribe
