IntroductionVirtual machine security is based on a traditional Unix file system permissions scheme. Overall virtual machine permissions appear as a combination of permissions for the virtual machine configuration file (config.pvs) and its directory (directory where VM files are stored). Permissions are granted or denied for the User/Owner, Group, and Others accordingly.
NOTE: If the file system of the volume where the virtual machine is located does not allow you to designate permissions (i.e., FAT), every user will have View+Run+Configure access to the machine.
Managing VM permissions from Parallels Management Console
Parallels Management Console provides a simplified method for controlling access to virtual machines using a classical Unix permissions approach. This is the preferable and recommended way of managing virtual machine security.
By default, every virtual machine (VM) created has the following rights:
- The owner (creator) has "Read+Write+Execute" (i.e., "Full access") rights.
- Other users do not have rights to "Read," which means they have no rights.
To manage the virtual machine permissions, use the Permissions pane of the Virtual Machine Configuration dialog:
To let other users access the virtual machine, select Allow other users to access this virtual machine. If this option is disabled, other users will have no access to the virtual machine.
- View. Select this option to enable other users to add this virtual machine to the virtual machine list and view its console without being able to start, stop, or otherwise control it.
- View and run. Select this option to enable other users to control the virtual machine and work in it, without being able to change its configuration.
- View, run, and configure. Select this option to enable other users to perform any operations on the virtual machine and its files.
Managing VM permissions by means of Host OS command lineUsing the Host OS command line, you can specify the virtual machine permissions in a more detailed way.
For example, if you want to share a VM with all users, open the Terminal on the Host OS side and issue the following command:
sudo chmod -R og+rwx vm_folder_name
(instead of "vm_folder_name," use the corresponding name of the VM folder. A folder name with spaces should be enclosed in quotes.)
For more options, execute the "Terminal" command:
Detailed permissions specificationParallels Server authentication is performed in compliance with the local users and groups database on the physical computer where Parallels Server is installed. Any valid and authenticated account can launch a Parallels Server session, but is able to perform only those operations that are permitted for it.
The following permission types are possible:
- No Read (No Access)
- Read Only
- Read + Execute
- Read + Write
- Read + Write + Execute
|Config.pvs permissions||VmFolder permissions||Resulting permissions||Group permissions|
|-w- or --x or -wx (No Read)||A||---||No Read ( No Access )|
|A||-w- or --x or -wx (No Read)||---||No Read ( No Access )|
|rw-||rwA||rw-||Read + Write|
|r-x||rwA||r-x||Read + Execute|
|rwx||rwA||rwx||Read + Write + Execute|
"w" = Write
For file systems where access control lists (ACLs) are enabled, a more distinctive permissions assignment is possible (for more details, please refer to the "Managing VM permissions by means of Host OS command line" section above).
According to the permissions assigned, every user has the ability to perform operations with the VM as stated in the table below:
|Operation||No Access||Read Only||Read+Write||Read+Execute||Read+Write +Execute|
|See the VM in the list of available VMs||No||Yes||Yes||Yes||Yes|
|Observe the Console of the VM launched||No||Yes||Yes||Yes||Yes|
|Manage Console of the VM with keyboard and mouse||No||No||Yes||Yes||Yes|
|Change VM Console run mode||No||Yes||Yes||Yes||Yes|
|Make running VM screen shot||No||Yes||Yes||Yes||Yes|
|Clone the VM||No||Yes (complete clone only)||Yes (any regime)||Yes (complete clone only)||Yes|
|Migrate the VM from one Parallels Server host to another||No||No||No||No||Yes|
|Remove the VM (from both VM list and host hard drive)||No||No||Yes||No||Yes|
|Register the VM in the VM list||No||No||Yes||No||Yes|
|Perform Start/Stop, Pause/Continue, Reset, Suspend/Resume operations||No||No||No||Yes||Yes|
|Launch VM in Safe mode||No||No||No||No||Yes|
|Change VM configuration (including managing devices in runtime)||No||No||Yes||No||Yes|
|Install Parallels Tools from Management Console top menu||No||No||Yes||Yes||Yes|
|Perform other operations, significantly changing VM state||No||No||No||Yes||Yes|
|Perform other operations, significantly changing VM configuration||No||No||Yes||No||Yes|
|Perform other operations, significantly changing VM content (files, applications)||No||No||Yes||Yes||Yes|