
Allow standard users to manage KVM using virsh / virt-manager

For security reasons, KVM by default restricts management operations to users with root privileges.

Original content from computingforgeeks.com - post 87708

This can be demonstrated using the virsh command to list all networks, which typically requires root access. Here we run the command as a standard user (without any privileges):

$ virsh net-list

Name State Autostart Persistent
----------------------------------------

The list is empty, yet the default network exists on this KVM node.

Enable standard Linux users to manage KVM host

For standard (non-root) Linux users to manage the KVM hypervisor, we need to set up the appropriate configuration and user permissions.

Follow these detailed steps to safely grant non-root users the ability to perform tasks on KVM.

  1. Create a New User Group: Let’s create a new user group called libvirt. This group will have the necessary permissions to administer KVM. Skip this step if the group already exists and go to step 2.
sudo groupadd --system libvirt
  2. Add Users to the Group: Next, add the specific user accounts to the group you created.
sudo usermod -a -G libvirt <username>

Replace <username> with the actual username of the standard user you want to grant KVM management permissions. Repeat this step for each user you want to add.

  3. Modify Libvirt Configuration: Edit the Libvirt configuration file to allow members of the libvirt group to manage KVM:
sudo vim /etc/libvirt/libvirtd.conf

Locate the line unix_sock_group in the configuration file:

#unix_sock_group = "libvirt"

Uncomment the line and set the value to the libvirt group:

unix_sock_group = "libvirt"

Also ensure the following lines are uncommented and set as needed:

unix_sock_group = "libvirt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"

Open the qemu.conf file and

sudo vim /etc/libvirt/qemu.conf

Uncomment the following lines and set as needed:

# Around line 519
user = "qemu"
group = "libvirt"
dynamic_ownership = 1
  4. Restart Libvirtd Service: After making the changes, restart the libvirtd service:
sudo systemctl restart libvirtd
  5. Verify Permissions: Validate that a standard user can now manage KVM without sudo.
# Switch to standard user account
su - <username>

# List the groups the user belongs to; libvirt should be in the list.
groups <username>
  6. Manage KVM as Standard User: Finally, we can test whether a user in the libvirt group can now run virsh commands or use virt-manager without sudo privilege escalation.
newgrp libvirt
virsh net-list

The user can also use graphical tools like virt-manager to manage the VMs:

virt-manager
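
The check below is an added example, not part of the original article: it reads the unix_sock_* settings from the libvirtd.conf step and reports whether the read-write socket is limited to a named group. The function names conf_get and audit_libvirtd_conf and the sample file contents are assumptions made for the illustration.

```bash
#!/usr/bin/env bash
# Audit the socket settings that the libvirtd.conf step writes.

# Print the effective value of KEY ($2) in FILE ($1). Commented-out lines
# are ignored; if the key appears more than once, the last one is reported.
conf_get() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"([^\"]*)\".*/\1/p" "$1" | tail -n 1
}

# Return 0 only if the read-write socket is limited to a named group.
audit_libvirtd_conf() {
    local file="$1" rc=0 group rw
    group=$(conf_get "$file" unix_sock_group)
    rw=$(conf_get "$file" unix_sock_rw_perms)
    if [ -n "$group" ]; then
        echo "OK   unix_sock_group = $group"
    else
        echo "FAIL unix_sock_group is commented out or missing"; rc=1
    fi
    # A non-zero last ("other") digit means file permissions no longer
    # restrict the read-write socket to the group.
    case "$rw" in
        "") echo "FAIL unix_sock_rw_perms is commented out or missing"; rc=1 ;;
        *0) echo "OK   unix_sock_rw_perms = $rw" ;;
        *)  echo "FAIL unix_sock_rw_perms = $rw does not restrict the socket to the group"; rc=1 ;;
    esac
    echo "INFO unix_sock_ro_perms = $(conf_get "$file" unix_sock_ro_perms)"
    return "$rc"
}

# Constructed sample: the group line is still commented out and the
# read-write socket is world-accessible.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#unix_sock_group = "libvirt"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0777"
EOF
audit_libvirtd_conf "$sample" || echo "sample config needs fixing"
rm -f "$sample"

# On a real host: audit_libvirtd_conf /etc/libvirt/libvirtd.conf
```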
