Possible VirtualBox.xml permissions bug

[rocon]

Hi,

Running VirtualBox 3.2.4 on Solaris. If 2 users want to share Virtualbox configuration data, they can both set their VBOX_USER_HOME variable to the same place and change the permissions on VirtualBox.xml to be permissive to both. However once one user makes any modification which causes a write to the $VBOX_USER_HOME/VirtualBox.xml file, it clobbers the file permissions on the $VBOX_USER_HOME/VirtualBox.xml file. This means that 2 users can never share access to VirtualBox machines. Is this a bug or an RFE?

Cheers,

Ronan

e.g.

# useradd -d /export/home/u1 -m -s /bin/bash u1
# useradd -d /export/home/u2 -m -s /bin/bash u2
# mkdir /opt/vbh
# chmod 777 /opt/vbh
# mkdir /opt/vbh/Machines
# chmod 777 /opt/vbh/Machines
# su - u1
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ export VBOX_USER_HOME=/opt/vbh
-bash-3.00$ VBoxManage createvm --name vb1 --ostype Solaris --settingsfile /opt/vbh/Machines/vb1.xml --register
Oracle VM VirtualBox Command Line Management Interface Version 3.2.4
(C) 2005-2010 Oracle Corporation
All rights reserved.

Virtual machine 'vb1' is created and registered.
UUID: 3c6c8dbd-e97f-4681-baa0-078066de6422
Settings file: '/opt/vbh/Machines/vb1.xml'
-bash-3.00$ ls -la /opt/vbh/VirtualBox.xml
-rw------- 1 u1 other 900 Jun 15 19:12 /opt/vbh/VirtualBox.xml
-bash-3.00$ chmod 777 /opt/vbh/VirtualBox.xml
-bash-3.00$ ls -la /opt/vbh/VirtualBox.xml
-rwxrwxrwx 1 u1 other 900 Jun 15 19:12 /opt/vbh/VirtualBox.xml
-bash-3.00$ exit
logout
# su - u2
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
-bash-3.00$ export VBOX_USER_HOME=/opt/vbh
-bash-3.00$ VBoxManage createvm --name vb2 --ostype Solaris --settingsfile /opt/vbh/Machines/vb2.xml --register
Oracle VM VirtualBox Command Line Management Interface Version 3.2.4
(C) 2005-2010 Oracle Corporation
All rights reserved.

Virtual machine 'vb2' is created and registered.
UUID: fcde1a27-f7f2-4c22-8a45-60924fc45f8e
Settings file: '/opt/vbh/Machines/vb2.xml'
-bash-3.00$ ls -la /opt/vbh/VirtualBox.xml
-rw------- 1 u2 other 1000 Jun 15 19:14 /opt/vbh/VirtualBox.xml

[ahznb]

You can put user2 in user1's group, and set VirtualBox.xml's group persmission to user1,rw. But then if you modify settings in VirtualBox.xml, the group permissions changes to none, which pisses me off. You don't even have to change any settings, just having the Virtualbox GUI open long enough, it will reset VirtualBox.xml's permissions! This never happened prior to 3.2.

The same is happening for virtual machines' xml/log/snapshot files. Which means you can't share virtual machines with different users either.

[jsilence]

*bump*

Same problem here.
Host: OSX

Very annoying indeed.

[Sasquatch]

Only thing I can think of is a work around, launch VB from a script that sets the permissions to 664 or something, then start VB. One could change the normal binary file to let's say VirtualBox-bin, make VirtualBox a script with this in it:

Code: Select all

chmod 660 /path/to/VirtualBox.xml
VirtualBox-bin

Don't forget to make it executable (chmod +x).

[ahznb]

That requires sudo each time launched, which is something I want to avoid.

[Sasquatch]

You got a point, unless you run it with the user that owns the file from the start. Sounds like a script for when you close VB, but can be tricky. Switching the commands could work, but you need to keep the GUI running as long as you have VMs running that can write to the main XML file. Of course, if the VMs don't write the main XML file, it's fine.

[ahznb]

Even chmod after VB closes will not help if the different users are not in the same group, as the next user still can't access virtualbox.xml because he's neither the previous user nor in that group.

[Sasquatch]

If the user isn't in the group, then why should it run a VM or VB anyway? Didn't you set the group permissions to vboxusers? That's the easiest solution for that. All users that want to run VB VMs need to be a member of that group anyway. Not a member, no permission to VirtualBox.xml nor the kernel module.

[ahznb]

Also, not only does VB change permissions to virtualbox.xml, it also changes permissions for eth0 (or whatever network interface being used), which prevents multiple users launching at the same time in bridged mode.

[otobyt]

Frustrating issue...
Wrote the following bash script, .run_vm, as a work-around... it's not an elegant solution at all, but will do the job for now.
This assumes that all users' ~/.VirtualBox directories are linked to a common .VirtualBox directory, and that users belong to the same default group:

#!/bin/bash
if [ $# -ne 1 ]; then
echo "Enter the VM to start: "
read machine
else
machine=$1
fi
VBoxManage startvm $machine

temp=`/bin/pidof VirtualBox` # get VirtualBox pid
while [ -n "$temp" ] # while VirtualBox is running (pid is not null)
do
temp=`/bin/pidof VirtualBox`
done

find ~/.VirtualBox/ -type d -exec chmod 770 {} \;
find ~/.VirtualBox/ -type f -exec chmod 660 {} \;
chmod 770 ~/.VirtualBox/.run_vm



... will hope to see a fix in future versions of the software.