Group ownership of devices changes for "raw partitions"

Discussions related to using VirtualBox on Linux hosts.
Toralf
Posts: 5
Joined: 21. Mar 2013, 11:51

Group ownership of devices changes for "raw partitions"

Post by Toralf »

Hi,

I'm using VirtualBox 5.2 on CentOS Linux 7 to run a "real" Windows installation via the "raw partition" support. In other words, the VirtualBox image was set up with "VBoxManage internalcommands createrawvmdk -filename ... -rawdisk /dev/sda -partitions ...".

The configuration works fairly well, but there is one somewhat annoying problem: It seems like VirtualBox changes the group ownership of the device files corresponding to the Windows partitions. This happens when I shut down the guest system; essentially it's like this:
- After I boot the Linux system, all /dev/sda* devices belong to group "disk".
- If I start up VirtualBox, the devices still belong to "disk".
- While I use the Windows guest, the devices belong to "disk"...
- After I shut down Windows, and the VirtualBox window goes away, some of the /dev/sda* files have group "root" instead of "disk". The device files in question seem to correspond to the partitions that are available to Windows.

This is a bit of an issue as it makes it harder to set up the system so that regular users can (always) run the guest OS. Since the devices are also readable and writeable by the group (but not other users), this would normally be a matter of adding the relevant users to the "disk" group, but with the above-mentioned behaviour, that won't always work. I'm more reluctant to add to "root", and I don't really like having to manage two groups instead of one...

Does anyone know why the group changes like this? Is there a way to stop it from happening?

Thanks.

- Toralf
socratis
Site Moderator
Posts: 27330
Joined: 22. Oct 2010, 11:03
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Win(*>98), Linux*, OSX>10.5
Location: Greece

Re: Group ownership of devices changes for "raw partitions"

Post by socratis »

Toralf wrote: It seems like VirtualBox changes the group ownership of the device files corresponding to the Windows partitions.
VirtualBox can't change anything and especially if the user running VirtualBox isn't the owner. For example it doesn't/can't change a thing on my rawdisk access on OSX, I have to explicitly log in as admin and give write access to the user. And it stays like that as long as I don't reboot.

Raw disk access is not plug and play, especially for simple users. You need to have full access to the device/disk, something reserved for system/root.
Toralf
Posts: 5
Joined: 21. Mar 2013, 11:51

Re: Group ownership of devices changes for "raw partitions"

Post by Toralf »

socratis wrote:
Toralf wrote: It seems like VirtualBox changes the group ownership of the device files corresponding to the Windows partitions.
VirtualBox can't change anything and especially if the user running VirtualBox isn't the owner.
Then how do you explain the fact that the device group always changes after I've run VirtualBox, and never in any other situation?

What I take to be the core VirtualBox executable - /usr/lib/virtualbox/VirtualBox on my machine - is actually setuid root, so it can pretty much change anything it likes. (But I'm assuming it still runs the main session as the user that started it.)
socratis wrote: For example it doesn't/can't change a thing on my rawdisk access on OSX, I have to explicitly log in as admin and give write access to the user. And it stays like that as long as I don't reboot.

Raw disk access is not plug and play, especially for simple users. You need to have full access to the device/disk, something reserved for system/root.
It actually works rather well, except for the problem mentioned here. And the device access is not reserved for root; like I said, everything is writeable by anyone belonging to the group "disk" out of the box. Running as such a (non-root) user is clearly better than using "root", I think. Actually, I believe most people these days would say that running anything as root is something that you should go out of your way to avoid.
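
The before/after observation described in the first post can be recorded with a small snapshot-and-compare script. This is an added example, not part of the thread; the function names are hypothetical, and the sample lines in `demo` are constructed (owner "root" and mode 660 are assumptions based on the description above).

```shell
#!/usr/bin/env bash
# Record owner, group and mode of device nodes and report what changed.
# Requires GNU stat (coreutils), as shipped with CentOS 7.
#
# On the host from the thread, the procedure would be:
#   snapshot /dev/sda* > before.txt     # after boot, before starting the guest
#   ... run the guest, then shut it down ...
#   snapshot /dev/sda* > after.txt
#   changed before.txt after.txt

# snapshot PATH...: print "path owner group mode" for every existing path.
snapshot() {
    local f
    for f in "$@"; do
        if [ -e "$f" ]; then
            stat -c '%n %U %G %a' "$f"
        fi
    done | sort
}

# changed BEFORE AFTER: print each path whose owner, group or mode differs
# between two snapshot files, as "path: old -> new".
changed() {
    awk '
        NR == FNR { before[$1] = $2 " " $3 " " $4; next }
        ($1 in before) && before[$1] != ($2 " " $3 " " $4) {
            printf "%s: %s -> %s\n", $1, before[$1], $2 " " $3 " " $4
        }
    ' "$1" "$2"
}

# demo: compare two constructed snapshots that mimic the reported symptom
# (one partition node moving from group "disk" to group "root").
demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' '/dev/sda1 root disk 660' '/dev/sda2 root disk 660' > "$dir/before"
    printf '%s\n' '/dev/sda1 root disk 660' '/dev/sda2 root root 660' > "$dir/after"
    changed "$dir/before" "$dir/after"
    rm -rf "$dir"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Taking a snapshot at each of the four stages listed in the first post, rather than only before and after, narrows down the point at which the group changes.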