IntroductionVirtual machine security is based on traditional Unix file system permisions scheme. Virtual machine overall permissions appear as a combination of permissions for virtual machine configuration file (config.pvs) and its directory (directory where VM files are stored). Permissions are granted or denied for User/Owner, Group and Others accordingly.
NOTE: if the filesystem of the volume where virtual machine is located does not allow to designate permissions (i. e. FAT) every user will have View+Run+Configure access to the machine.
Managing VM permissions from Parallels Management Console
Parallels Management Console provides simplified method for controlling access to virtual machine using classical Unix permissions approach. This is the most preferable and recommended way of managing virtual machine security.
By default every virtual machine (VM) created has the following rights:
- Owner (creator) has Read+Write+Execute (i.e. Full access) rights
- Other users do not have rights to Read which means having No rights
To manage the virtual machine permissions, use the Permissions pane of the Virtual Machine Configuration dialog:
To let other users access the virtual machine, select Allow other users to access this virtual machine. If this option is disabled, other users will have no access to the virtual machine.
- View. Select this option to enable other users to add this virtual machine to the virtual machine list and view its console without being able to start, stop or otherwise control it.
- View and run. Select this option to enable other users to control the virtual machine and work in it, without being able to change its configuration.
- View, run and configure. Select this option to enable other users to perform any operations on the virtual machine and its files.
Managing VM permissions by means of Host OS command lineUsing Host OS command line you can specify virtual machine permissions in more detailed way.
For example, if you want to share VM with all users open Terminal on the Host OS side and issue the following command:
sudo chmod -R og+rwx vm_folder_name
(instead vm_folder_name use correspond name of VM folder. Folder name with spaces should be wrapped into quotes)
For more options, please, execute Terminal command:
Detailed permissions specificationParallels Server authentication is performed in compliance of local users and groups database on the physical computer where Parallels Server is installed. Any valid and authenticated account can launch Parallels Server session but is able to perform only those operations which are permitted for it.
The following permission types are possible:
- No Read (No Access)
- Read Only
- Read + Execute
- Read + Write
- Read + Write + Execute
|Config.pvs permissions||VmFolder permissions||Resulting permissions||Group permissions|
|-w- or --x or -wx (No Read)||A||---||No Read ( No Access )|
|A||-w- or --x or -wx (No Read)||---||No Read ( No Access )|
|rw-||rwA||rw-||Read + Write|
|r-x||rwA||r-x||Read + Execute|
|rwx||rwA||rwx||Read + Write + Execute|
For file systems where access control lists (ACLs) are enabled more distinctive permissions assignment is possible (for more details please refer to the part "Managing VM permissions by means of Host OS command line " above).
According to the permissions assigned every user has ability to perform operations with the VM as stated in the table below:
|Operation||No Access||Read Only||Read +Write||Read +Execute||Read+Write +Execute|
|See the VM in the list of available VMs||No||Yes||Yes||Yes||Yes|
|Observe the Console of the VM launched||No||Yes||Yes||Yes||Yes|
|Manage Console of the VM with keyboard and mouse||No||No||Yes||Yes||Yes|
|Change VM Console run mode||No||Yes||Yes||Yes||Yes|
|Make running VM screen shot||No||Yes||Yes||Yes||Yes|
|Clone the VM||No||Yes (complete clone only)||Yes (any regime)||Yes (complete clone only)||Yes|
|Migrate the VM from one Parallels Server host to another||No||No||No||No||Yes|
|Remove the VM (from both VM list and host hard drive)||No||No||Yes||No||Yes|
|Register the VM in the VM list||No||No||Yes||No||Yes|
|Perform Start/Stop, Pause/Continue, Reset, Suspend/Resume operations||No||No||No||Yes||Yes|
|Launch VM in Safe mode||No||No||No||No||Yes|
|Change VM configuration (including managing devices in runtime)||No||No||Yes||No||Yes|
|Install Parallels Tools from Management Console top menu||No||No||Yes||Yes||Yes|
|Perform other operations significantly changing VM state||No||No||No||Yes||Yes|
|Perform other operations significantly changing VM configuration||No||No||Yes||No||Yes|
|Perform other operations significantly changing VM content (files, applications)||No||No||Yes||Yes||Yes|