Install for me only

[camvirt]

When I try to install Virtualbox 6.04 there is an option "install for all user", "install for me" and "install on a specific device" the latter 2 options are greyed out.

Why can I not select "install for me" on my high Sierra Mac?

[socratis]

Because, for security reasons (hardening), VirtualBox is an all-users application, that has to specifically be located in "/Applications/VirtualBox.app". Move it or rename it, and it will fail to launch.

[camvirt]

Why is there an option for installing virtualbox 6.0.4 visible ?

If it is a security issue then the option should not be made visible?

Can you explain the reason for the security issue?

[socratis]

Why is there an option for installing virtualbox 6.0.4 visible ?

That's the default for the OSX installer if you click on "Customize". It gives you all available options, even the disabled ones.

If it is a security issue then the option should not be made visible?

See above.

Can you explain the reason for the security issue?

VirtualBox has several checks in place to make sure it's not tampered with. This is most prominent in the Windows installations, see Diagnosing VirtualBox Hardening Issues. On OSX/Linux one of these checks involves checking the path of VirtualBox, and it is set during building of the executable. And on OSX specifically, the path *has* to be "/Applications/VirtualBox.app/". That's why it's not possible to select another disk, or location.

[camvirt]

That makes no sense socratis.

If its a security issue you do not display the customization button. If there is just one default you don't show the customization button.

this is a flaw in the installation of high seirra which does not allow only a single user install instead of all users on a computer which is also more secure method of installation. Why should all accounts have an application installed if only one user uses the software?

[socratis]

Why should all accounts have an application installed if only one user uses the software?

You need to re-read my answer again! Which apparently you didn't the first time, otherwise we wouldn't be having this conversation.

And this time, please try to understand what I'm saying...

And on OSX specifically, the path *has* to be "/Applications/VirtualBox.app/". That's why it's not possible to select another disk, or location.

[secant]

I did read the response and you did not clarify your answer so let me clarify mine.

If I were the developer I would not place a customization button so that it is available for the users to see possibilities that do not function.

If I was a user and had multiple users using my server it would not be secure to have them all see an application that they do not use. This could lead to a user on the server playing with virtual box when it is not meant for that user. In this case installation will automatically install for every user.

[Martin]

The VirtualBox developers din't "include a customization button". They are just using the available standard installer from Apple which behaves as you have found out.
VirtualBox was designed from the start for a single (or few) user system, not for servers with a multitude of users. Oracle has other virtualization solutions available for these environments.

[socratis]

Martin already addressed both points, but here are my thoughts as well...

If I were the developer I would not place a customization button so that it is available for the users to see possibilities that do not function.

I am not sure if the Apple installer allows for that flexibility. Especially when the VirtualBox installation *needs* to be customizable!!! It's just not the customization you want, the location *cannot* be custom, which brings us to...

In this case installation will automatically install for every user.

I explained more than once that VirtualBox *needs* to be in that specific location, with those *specific* permissions. Try to mess with it, and it's done working. Try to move it, and it's done working. Try to rename it, and it's done working.

You want it somewhere else? In your "/Users/secant/Applications/VirtualBox.app"? It's doable. You have to build it from source and specify the following options when building it:

• VBOX_PATH_APP_PRIVATE      = "/Users/secant/Applications/VirtualBox.app/Contents/MacOS"
  VBOX_PATH_APP_PRIVATE_ARCH = "/Users/secant/Applications/VirtualBox.app/Contents/MacOS"
  VBOX_PATH_SHARED_LIBS      = "/Users/secant/Applications/VirtualBox.app/Contents/MacOS"
  VBOX_PATH_APP_DOCS         = "/Users/secant/Applications/VirtualBox.app/Contents/MacOS"
  

Obviously that won't run from "/Users/socratis/Applications/VirtualBox.app", you have to rebuild it from scratch...

BTW, I wouldn't put VirtualBox in a server if I were you, it could bring the server down...

Now, can you put the whole thing to rest? It's been explained ad nauseam...

[secant]

If virtualbox is using Apples standard installer the documentation should reflect that stating the it is not possible to install for a single user.

I am not using a server but a workstation with a few accounts and I see no reason why any other account should be able to interact with virtualbox except the account I install it.

[socratis]

the documentation should reflect that stating the it is not possible to install for a single user

I don't see the need for that, it's way more than obvious from the installer. What's next? Documenting that you should be pressing the "Next" button?

and I see no reason why any other account should be able to interact with virtualbox except the account I install it.

You're not good at reading threads in their entirety, are you? I've said it as many times as I possible can, in all forms that I possible can; it's a security issue!

1. The application *needs* to be installed in "/Applications/VirtualBox.app", do you understand that part? Can't be nowhere else, or it will fail to launch!
2. Being in "/Applications" makes it accessible to every user of the system. End of story.

If you don't like it, go ahead and build your own VirtualBox version! The instructions are already posted in my message right above your last message.

[andyp73]

I see no reason why any other account should be able to interact with virtualbox except the account I install it.

I expect that there are plenty of other applications, system utilities, etc. that are on your system that you wouldn't want other accounts to interact with but they are still there.

The important thing (for most people at least) is that the configuration files of the guests and their virtual hard disk files reside under /Users/<you>/VirtualBox VMs and so are accessible only by you.

-Andy.