Article ID: 6223, created on Apr 6, 2009, last review on May 10, 2014

  • Applies to:
  • Virtuozzo hypervisor 3.0 for Mac


Virtual machine security is based on a traditional Unix file system permissions scheme. Overall virtual machine permissions appear as a combination of permissions for the virtual machine configuration file (config.pvs) and its directory (directory where VM files are stored). Permissions are granted or denied for the User/Owner, Group, and Others accordingly.

NOTE: If the file system of the volume where the virtual machine is located does not allow you to designate permissions (i.e., FAT), every user will have View+Run+Configure access to the machine.

Managing VM permissions from Parallels Management Console

Parallels Management Console provides a simplified method for controlling access to virtual machines using a classical Unix permissions approach. This is the preferable and recommended way of managing virtual machine security.

By default, every virtual machine (VM) created has the following rights:

  • The owner (creator) has "Read+Write+Execute" (i.e., "Full access") rights.
  • Other users do not have rights to "Read," which means they have no rights.

To manage the virtual machine permissions, use the Permissions pane of the Virtual Machine Configuration dialog:

To let other users access the virtual machine, select Allow other users to access this virtual machine. If this option is disabled, other users will have no access to the virtual machine.

Sharing options:

  • View. Select this option to enable other users to add this virtual machine to the virtual machine list and view its console without being able to start, stop, or otherwise control it.
  • View and run. Select this option to enable other users to control the virtual machine and work in it, without being able to change its configuration.
  • View, run, and configure. Select this option to enable other users to perform any operations on the virtual machine and its files.

Managing VM permissions by means of Host OS command line

Using the Host OS command line, you can specify the virtual machine permissions in a more detailed way.

For example, if you want to share a VM with all users, open the Terminal on the Host OS side and issue the following command:

sudo chmod -R og+rwx vm_folder_name

(instead of "vm_folder_name," use the corresponding name of the VM folder. A folder name with spaces should be enclosed in quotes.)

For more options, execute the "Terminal" command:

man chmod

Detailed permissions specification

Parallels Server authentication is performed in compliance with the local users and groups database on the physical computer where Parallels Server is installed. Any valid and authenticated account can launch a Parallels Server session, but is able to perform only those operations that are permitted for it.

The following permission types are possible:
  • Read
  • Write
  • Execute
They result in the combinations below:
  • No Read (No Access)
  • Read Only
  • Read + Execute
  • Read + Write
  • Read + Write + Execute
Any other combinations are treated as No Read (i.e., No Access):

 Config.pvs permissions    VmFolder permissions Resulting permissions  Group permissions
 -w- or --x or -wx (No Read) A --- No Read ( No Access )
A -w- or --x or -wx (No Read) --- No Read ( No Access )
r-- rAA r-- Read Only
rw- r-- r-- Read Only
rw- r-A r-- Read Only
rw- rwA rw- Read + Write
r-x r-A r-- Read Only
r-x rwA r-x Read + Execute
rwx rwA rwx Read + Write + Execute

"-" = No Access
"r" = Read
"w" = Write
"x" = Execute
"A" = Any (including empty permission)

For file systems where access control lists (ACLs) are enabled, a more distinctive permissions assignment is possible (for more details, please refer to the "Managing VM permissions by means of Host OS command line" section above).

According to the permissions assigned, every user has the ability to perform operations with the VM as stated in the table below:

Operation No Access Read Only Read+Write Read+Execute Read+Write +Execute
See the VM in the list of available VMs No Yes Yes Yes Yes
Observe the Console of the VM launched No Yes Yes Yes Yes
Manage Console of the VM with keyboard and mouse No No Yes Yes Yes
Change VM Console run mode No Yes Yes Yes Yes
Make running VM screen shot No Yes Yes Yes Yes
Clone the VM No Yes  (complete clone only) Yes (any regime) Yes  (complete clone only) Yes
Migrate the VM from one Parallels Server host to another No No No No Yes
Remove the VM (from both VM list and host hard drive) No No Yes No Yes
Register the VM in the VM list No No Yes No Yes
Perform Start/Stop, Pause/Continue, Reset, Suspend/Resume operations No No No Yes Yes
Launch VM in Safe mode No No No No Yes
Change VM configuration (including managing devices in runtime) No No Yes No Yes
Install Parallels Tools from Management Console top menu No No Yes Yes Yes
Perform other operations, significantly changing VM state No No No Yes Yes
Perform other operations, significantly changing VM configuration No No Yes No Yes
Perform other operations, significantly changing VM content (files, applications) No No Yes Yes Yes

453b2b1d538912b3ea6595a0566bf464 0c03a22ac3f8981472743ef9e455bb91 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF