Virtual Machine Security

APPLIES TO:
  • Parallels Server 3.0 for Mac

Introduction

Virtual machine security is based on the traditional Unix file system permissions scheme. The effective permissions on a virtual machine are the combination of the permissions on the virtual machine configuration file (config.pvs) and on its directory (the directory where the VM files are stored). Permissions are granted or denied for the User/Owner, Group, and Others accordingly.

NOTE: If the file system of the volume where the virtual machine is located does not allow you to designate permissions (e.g., FAT), every user will have View+Run+Configure access to the machine.

Managing VM permissions from Parallels Management Console

Parallels Management Console provides a simplified method for controlling access to virtual machines using a classical Unix permissions approach. This is the preferable and recommended way of managing virtual machine security.

By default, every virtual machine (VM) created has the following rights:

  • The owner (creator) has "Read+Write+Execute" (i.e., "Full access") rights.
  • Other users do not have the "Read" right, which means they have no access.

To manage the virtual machine permissions, use the Permissions pane of the Virtual Machine Configuration dialog:



To let other users access the virtual machine, select Allow other users to access this virtual machine. If this option is disabled, other users will have no access to the virtual machine.

Sharing options:

  • View. Select this option to enable other users to add this virtual machine to the virtual machine list and view its console without being able to start, stop, or otherwise control it.
  • View and run. Select this option to enable other users to control the virtual machine and work in it, without being able to change its configuration.
  • View, run, and configure. Select this option to enable other users to perform any operations on the virtual machine and its files.

Managing VM permissions by means of Host OS command line

Using the Host OS command line, you can specify the virtual machine permissions in a more detailed way.

For example, if you want to share a VM with all users, open the Terminal on the Host OS side and issue the following command:

sudo chmod -R og+rwx vm_folder_name

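(Replace "vm_folder_name" with the name of the VM folder. A folder name that contains spaces should be enclosed in quotes.)

This command gives the group and all other users Read + Write + Execute on the VM folder and every file in it, which, per the operations table below, permits every operation on the VM, including removing and migrating it.

For more options, run the following command in Terminal: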

man chmod

Detailed permissions specification

Parallels Server authenticates users against the local users and groups database on the physical computer where Parallels Server is installed. Any valid and authenticated account can launch a Parallels Server session, but it can perform only those operations that are permitted for it.

The following permission types are possible:
  • Read
  • Write
  • Execute
They result in the combinations below:
  • No Read (No Access)
  • Read Only
  • Read + Execute
  • Read + Write
  • Read + Write + Execute
Any other combinations are treated as No Read (i.e., No Access):

Config.pvs permissions      | VmFolder permissions        | Resulting permissions | Group permissions
-w- or --x or -wx (No Read) | A                           | ---                   | No Read (No Access)
A                           | -w- or --x or -wx (No Read) | ---                   | No Read (No Access)
r--                         | rAA                         | r--                   | Read Only
rw-                         | r--                         | r--                   | Read Only
rw-                         | r-A                         | r--                   | Read Only
rw-                         | rwA                         | rw-                   | Read + Write
r-x                         | r-A                         | r--                   | Read Only
r-x                         | rwA                         | r-x                   | Read + Execute
rwx                         | rwA                         | rwx                   | Read + Write + Execute

"-" = No Access
"r" = Read
"w" = Write
"x" = Execute
"A" = Any (including empty permission)

For file systems where access control lists (ACLs) are enabled, a more fine-grained permissions assignment is possible (for more details, please refer to the "Managing VM permissions by means of Host OS command line" section above).
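
The lookup in the permissions table above, written as a shell function together with a small audit helper that reads the "others" triplet of config.pvs and of the VM folder from ls -ld output. This is an added example, not Parallels code: the function names are hypothetical, it assumes the table is applied to one permission class (here "others") at a time, it ignores ACLs, and it reports combinations the table does not list instead of guessing a result.

```shell
#!/bin/sh
# Added example: classify access per the table above from two rwx triplets.
# $1 = triplet on config.pvs, $2 = triplet on the VM folder (e.g. "rw-" "rwx").
vm_access_class() {
    cfg=$1
    dir=$2
    # Rows 1-2: a missing read bit on either object means No Access.
    case $cfg in r??) ;; *) echo "No Access"; return ;; esac
    case $dir in r??) ;; *) echo "No Access"; return ;; esac
    case $dir in
        rw?)  # folder "rwA": the result follows the config.pvs triplet
            case $cfg in
                r--) echo "Read Only" ;;
                rw-) echo "Read + Write" ;;
                r-x) echo "Read + Execute" ;;
                rwx) echo "Read + Write + Execute" ;;
                *)   echo "Not listed in table" ;;
            esac ;;
        r-?)  # folder "r-A": Read Only for the config.pvs values the table lists
            case $cfg in
                r--|rw-|r-x) echo "Read Only" ;;
                *)           echo "Not listed in table" ;;
            esac ;;
        *)    echo "Not listed in table" ;;
    esac
}

# Print the "others" triplet of a path, taken from the ls -ld mode string
# (characters 8-10); this avoids the differing stat flags on macOS and Linux.
others_triplet() {
    ls -ld "$1" | cut -c8-10
}

# Report what a user who is neither the owner nor in the group gets on a VM folder.
audit_vm_folder() {
    if [ ! -f "$1/config.pvs" ]; then
        echo "No config.pvs in $1" >&2
        return 1
    fi
    vm_access_class "$(others_triplet "$1/config.pvs")" "$(others_triplet "$1")"
}
```

Running audit_vm_folder on a folder after the chmod -R og+rwx command shown earlier reports Read + Write + Execute for other users.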

According to the permissions assigned, every user has the ability to perform operations with the VM as stated in the table below:

Operation | No Access | Read Only | Read+Write | Read+Execute | Read+Write+Execute
See the VM in the list of available VMs | No | Yes | Yes | Yes | Yes
Observe the Console of the VM launched | No | Yes | Yes | Yes | Yes
Manage Console of the VM with keyboard and mouse | No | No | Yes | Yes | Yes
Change VM Console run mode | No | Yes | Yes | Yes | Yes
Make running VM screen shot | No | Yes | Yes | Yes | Yes
Clone the VM | No | Yes (complete clone only) | Yes (any regime) | Yes (complete clone only) | Yes
Migrate the VM from one Parallels Server host to another | No | No | No | No | Yes
Remove the VM (from both VM list and host hard drive) | No | No | Yes | No | Yes
Register the VM in the VM list | No | No | Yes | No | Yes
Perform Start/Stop, Pause/Continue, Reset, Suspend/Resume operations | No | No | No | Yes | Yes
Launch VM in Safe mode | No | No | No | No | Yes
Change VM configuration (including managing devices in runtime) | No | No | Yes | No | Yes
Install Parallels Tools from Management Console top menu | No | No | Yes | Yes | Yes
Perform other operations, significantly changing VM state | No | No | No | Yes | Yes
Perform other operations, significantly changing VM configuration | No | No | Yes | No | Yes
Perform other operations, significantly changing VM content (files, applications) | No | No | Yes | Yes | Yes


