Hi,
I finally managed to get a working Win7 (64bit) virtual machine which is accessible by as many local non-admin users as I want.
The "Shared" folder as storage location for the virtual box container is necessary but not sufficient.
Try starting a terminal session and check the rights of the "Shared" folder by entering the following command:
```
ls -eld /Users/Shared
drwxrwxrwt 19 root wheel 646 9 Jul 23:39 /Users/Shared
```
As you can see, the directory is readable, writable and executable by all users and groups. Besides, the "t" bit is set, which means that whoever is writing new files, the directory behaves as if the current user was the owner of it.
Now let's have a look at a typical "VirtualBox VMs" directory. Inside the subdirectory with the VM's name, you can find the .vdi file containing the virtual hard disk of the VM along with a current .vbox file and its previous .vbox-prev version.
That's the point: Whenever you start a new VM session, the .vbox file is backed up by renaming it to .vbox-prev , and a new .vbox file is created by the current session's user. But when a user creates a new file in the Shared folder, (s)he is the owner of it and the only one allowed to write to it. Other users can see and read it, but this isn't enough for VirtualBox to run properly.
What you need is to instruct OSX to grant everyone the right to write to new files in the VM directory, regardless of the original owner of the file.
OK, enough theory
Here's my step-by-step tutorial (my OSX is in German, so please excuse my translated item names if they are spelled differently from Apple's):
- Change the default path of new VirtualBox VMs to some directory inside "/Users/Shared".
- Create the new VM inside the specified shared subdirectory.
- Create a new group in SystemSettings => Users. All users belonging to this group will have the right to write to the files/directories inside the shared VM subdirectory. I called the group "Shared". Assign users to this group.
- Right-click on the new shared VM subdirectory in the Finder and select "Information". Open the lock by entering admin name/password. Add the new group to the list of users and rights, and assign read & write rights to it.
- Click on the wheel pictogram at the bottom and select "Apply to all subitems...". Confirm the warning message. Close the information window.
- Open a terminal session, switch to admin, and print the current state of the access control list entries of the shared VM subdirectory (my machine is called "traktor"):
```
traktor:~ MiK$ su - admin
Password:
traktor:~ admin$ cd /Users/Shared
traktor:Shared admin$ ls -eld VirtualBox\ VMs
drwxr-xr-x+ 4 MiK wheel 136 Jul 10 00:04 VirtualBox VMs
0: group:shared allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity
traktor:Shared admin$
```
- Copy the part after the "0: " up to the end of the line into the buffer (select with mouse, CMD-C).
- Build up the following (complicated) command line (all into a single line, bold characters meant to be typed literally):
  - sudo chmod =a# 0 (the last character is the number zero, not a big o!)
  - a blank and a double quote: "
  - the contents of the copy buffer (CMD-V)
  - ,file_inherit,directory_inherit" (note the initial comma and the closing double quote at the end)
  - a blank
  - the name of the shared VM subdirectory.
By doing this, you add inheritance privileges of the current read/write settings to all subdirectories and files created in the future.
Here's my personal complete line of code given as an example (do not copy it literally!):
```
traktor:Shared admin$ sudo chmod =a# 0 "group:shared allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" VirtualBox\ VMs
Password:
traktor:Shared admin$
```
- Exit the terminal session, and reopen the information window for the shared VM subdirectory. Open the admin lock, click on the wheel below the users/rights list and select "Apply to all subitems..." entry again. Confirm the warning message, and close the information window afterwards.
Congratulations, you're done!
Now the additional inheritance rights are active for all current and future files inside the shared VM subdirectory. These rights allow every member of the new group to read and write all subdirectories and files of the shared VM subdir. No more hassle with VirtualBox complaining that a file is inaccessible!
The inheritance ACL rights are not shown by the Finder; they can be set only by shell commands. That's why you need the "chmod" command line.
I hope it works for you as flawlessly as it does for me.
Greetings,
MiK
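
The command-line assembly described in the post, as an added example that is not part of the original post: a shell helper that takes an `ls -eld` listing, extracts ACL entry 0, appends the two inheritance flags once, and prints the `chmod =a#` line for review instead of running it. The function names are assumptions of this example, and the sample listing is constructed from the output shown in the post.

```shell
#!/bin/sh
# Added example: text-only helpers. Nothing here runs chmod; the command is
# printed so it can be reviewed before an admin executes it.

# Constructed sample: the `ls -eld` listing shown in the post.
SAMPLE='drwxr-xr-x+ 4 MiK wheel 136 Jul 10 00:04 VirtualBox VMs
 0: group:shared allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity'

# ace_at LISTING INDEX: print the ACL entry text that follows "INDEX: ".
ace_at() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2: //p" | head -n 1
}

# with_inherit ACE: print ACE with file_inherit and directory_inherit
# appended, skipping a flag that is already in the permission list.
with_inherit() {
    ace=$1
    for flag in file_inherit directory_inherit; do
        case ",${ace##* }," in          # last word = comma-separated rights
            *",$flag,"*) ;;             # already present
            *) ace="$ace,$flag" ;;
        esac
    done
    printf '%s\n' "$ace"
}

# inherits ACE: succeed only if both inheritance flags are already set.
inherits() {
    [ "$(with_inherit "$1")" = "$1" ]
}

# chmod_command LISTING INDEX DIR: print the command line the post builds.
chmod_command() {
    entry=$(ace_at "$1" "$2")
    [ -n "$entry" ] || { echo "no ACL entry $2 in listing" >&2; return 1; }
    printf 'sudo chmod =a# %s "%s" "%s"\n' "$2" "$(with_inherit "$entry")" "$3"
}

chmod_command "$SAMPLE" 0 "VirtualBox VMs"
```

On the Mac itself, the first argument can be the live listing, for example `chmod_command "$(ls -eld "VirtualBox VMs")" 0 "VirtualBox VMs"`, and `inherits` can be run afterwards on the new entry to confirm the flags took effect.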