How do I run Vagrant as a normal user in Fedora?

asked 2016-05-13 08:11:56 -0500

nanos gravatar image

updated 2016-05-15 15:09:37 -0500

I am trying to setup Vagrant in Fedora 23 with libvirt. It boots and everything looks fine until I get asked for this in the boot process: "sudo password: Preparing to edit /etc/exports. Administrator privileges will be required".

I run Vagrant as a normal user and do not want to run it as root, nor add myself to the sudoers file. So I therefor get stuck on the above prompt for administrator privileges. Just to test, I have run vagrant up as root and everything worked, but I am not comfortable with running Vagrant like this.

I found something while googling for fixes and that was to change the permissions of the /etc/exports file. This works and let me run vagrant up as a normal user, but it feels like a dirty fix to me. What is the downside with changing the permissions of the /etc/exports file? I would really like to get Vagrant running as a normal user without having to affect security.

I have followed these instructions from Fedora Developer portal:

$ sudo dnf install vagrant-libvirt
$ sudo systemctl enable libvirtd
$ lsmod | grep kvm

lsmod | grep kvm does not return anything, so I have edit the Vagrantfile to use the qemu driver:

Vagrant.configure("2") do |config|
...
  config.vm.provider :libvirt do |libvirt|
    libvirt.driver = "qemu"
  end
...
end

Using libvirt from Vagrant without password prompts

$ sudo gpasswd -a ${USER} libvirt
$ newgrp libvirt

Synced folders with NFS

$ sudo dnf install nfs-utils && sudo systemctl enable nfs-server

Afterwards enable nfs, rpc-bind and mountd services for firewalld:

$ sudo firewall-cmd --permanent --add-service=nfs &&
  sudo firewall-cmd --permanent --add-service=rpc-bind &&
  sudo firewall-cmd --permanent --add-service=mountd &&
  sudo firewall-cmd --reload

Using NFS shares from Vagrant without password prompts

$ sudo visudo

add this:

# Allow Vagrant to manage /etc/exports
Cmnd_Alias VAGRANT_EXPORTS_ADD = /usr/bin/tee -a /etc/exports
Cmnd_Alias VAGRANT_NFSD_CHECK = /usr/bin/systemctl status nfs-server.service
Cmnd_Alias VAGRANT_NFSD_START = /usr/bin/systemctl start nfs-server.service
Cmnd_Alias VAGRANT_NFSD_APPLY = /usr/sbin/exportfs -ar
Cmnd_Alias VAGRANT_EXPORTS_REMOVE = /bin/sed -r -e * d -ibak /etc/exports
%vagrant ALL=(root) NOPASSWD: VAGRANT_EXPORTS_ADD, VAGRANT_NFSD_CHECK, VAGRANT_NFSD_START, VAGRANT_NFSD_APPLY, VAGRANT_EXPORTS_REMOVE

Afterwards add yourself to the vagrant group if you are not there already by running:

$ sudo getent group vagrant >/dev/null || sudo groupadd -r vagrant
$ sudo gpasswd -a ${USER} vagrant
$ newgrp vagrant

Get Vagrant up and running:

$ vagrant init rboyer/ubuntu-trusty64-libvirt 
$ vagrant up

I have tried two different libvirt boxes from Vagrant box site: https://atlas.hashicorp.com/s3than/bo... and https://atlas.hashicorp.com/rboyer/bo... . I get the same result with both boxes.

Help on this matter is very appreciated.Thanks.

edit retag flag offensive close merge delete

Comments

Please add the command you used to change permissions. If you only `chmod' for user (u) then the security should not be adversely affected.

jvegas gravatar imagejvegas ( 2016-07-01 11:33:27 -0500 )edit