Log in
Request Support

Allow standard users to manage KVM using virsh / virt-manager

  • Blog
  • Allow standard users to manage KVM using virsh / virt-manager

For security reasons, KVM by default restricts management operations to users with root privileges.

This is just a snippet from our best-selling eBook: Mastering KVM Virtualization. Continue learning with the full version – online or as a PDF. Get it here.

This can be demonstrated using the virsh command to list all networks, which typically requires root access. We are running the command as standard user (without any privileges)

$ virsh net-list

Name State Autostart Persistent
----------------------------------------

We can see the list is empty yet default network exists in this KVM node.

Enable standard Linux users to manage KVM host

For standard (non-root) Linux users to manage KVM hypervisor we need to setup appropriate configurations and user permissions.

Follow these detailed steps to safely grant non-root users powers to perform tasks on KVM.

  1. Create a New User Group: Let’s create a new user group called libvirt. This group will have the necessary permissions to administer with KVM. Skip if it exists and go to step 2.
sudo groupadd --system libvirt
  1. Add Users to the Group: Next we are adding specific user accounts to the group created.
sudo usermod -a -G libvirt <username>

Replace <username> with the actual username of the standard user you want to grant KVM management permissions. Repeat this step for each user you want to add.

  1. Modify Libvirt Configuration: Edit the Libvirt configuration file to allow members of the libvirt group to manage KVM:
sudo vim /etc/libvirt/libvirtd.conf

Locate the line unix_sock_group in the configuration file:

#unix_sock_group = "libvirt"

Uncomment the line and set the value to the libvirt group:

unix_sock_group = "libvirt"

Also ensure the following lines are uncommented and set as needed:

unix_sock_group = "libvirt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"

Open the qemu.conf file and

sudo vim /etc/libvirt/qemu.conf

Uncomment the following lines and set as needed:

# Around line 519
user = "qemu"
group = "libvirt"
dynamic_ownership = 1
  1. Restart Libvirtd Service: After making the changes you need to restart the Libvirtd service:
sudo systemctl restart libvirtd
  1. Verify Permissions: Validate that a standard user can now manage KVM without sudo.
# Switch to standard user account
su - <username>

# List groups the user belongs to, kvm_admins should be in the list.
groups <username>
  1. Manager KVM as Standard User: Finally we can test if a user in the kvm_admins group can now run virsh commands or use virt-manager without sudo privilege escalation.
newgrp libvirt
virsh net-list

The user can also use graphical tools like virt-manager to manage the VMs:

virt-manager
Twitter Facebook Linkedin Whatsapp Reddit

Join our Linux and open source community. Subscribe to our newsletter for tips, tricks, and collaboration opportunities!

Recent Post

Categories

Unlock the Right Solutions with Confidence

At CloudSpinx, we don’t just offer services - we deliver clarity, direction, and results. Whether you're navigating cloud adoption, scaling infrastructure, or solving DevOps challenges, our seasoned experts help you make smart, strategic decisions with total confidence. Let us turn complexity into opportunity and bring your vision to life.

Email us
Chat with us

Leave a Comment

Your email address will not be published. Required fields are marked *

Related Post

Best 32GB DDR4 RAM Kits (2x16GB & 1x32GB) for Performance

If you’re looking to upgrade your PC or laptop, 32GB of DDR4 RAM strikes the perfect balance between performance and […]

  • NO COMMENTS
  • July 24, 2025
Install and Use Zsh with Oh-My-Zsh on Linux Mint 22

What is Zsh? Short for Z shell, Zsh is command line shell with a lot of new features and supports […]

  • NO COMMENTS
  • July 24, 2025
4 Best 64GB DDR4 RAM Kit (2x32GB) To Buy

When you’re shopping for a 64GB DDR4 RAM kits, you’re not just upgrading memory, but upgrading capability. Whether you’re powering […]

  • NO COMMENTS
  • July 24, 2025

Cloud Services

Infra Services

Iac & GitOps

IT Support

InfoSec

Development

Elearning

  • Ebooks
  • Cheat Sheets
  • Certifications Prep
Latest Articles
Follow Us
X-twitter Linkedin Facebook-f Github

Cloud Services

Infrastructure Support

Microservices & GitOps

IT Support Services

IT Support Services

Software Development

Elearning

  • Certifications Prep
  • Cheat Sheets
  • Ebooks
Latest Articles
Follow Us
X-twitter Linkedin Facebook-f Github

Let's Connect

Unleash the full potential of your business with CloudSpinx. Our expert solutions specialists are standing by to answer your questions and tailor a plan that perfectly aligns with your unique needs.
You will get a response from our solutions specialist within 12 hours
We understand emergencies can be stressful. For immediate assistance, chat with us now

Contact CloudSpinx today!

Download CloudSpinx Profile

Discover the full spectrum of our expertise and services by downloading our detailed Company Profile. Simply enter your first name, last name, and email address.