MacOS Admin Account Required

jim23 · January 11, 2021, 9:48pm

For MacOS, must Multipass be run in an account with Admin privileges?

That is my experience. I would like to run it under a standard account, but it would hang up. I tried to change the access rights to /var/run/multipass_socket, but since I was using a standard account those changes would not stick. If I changed the account to have admin privileges, Multipass will run, I’d just like to confirm that Multipass will not run in a MacOS account that does not have admin privileges

Thanks

saviq · January 13, 2021, 8:40am

Hi @jim23,

The reason why we currently require admin privileges is that through Multipass you can circumvent file permissions (because you can mount arbitrary paths from the host into the instance).

Multipass itself, generally, needs to run with admin privileges to be able to use the hardware features.

As it stands, there’s no reliable way for Multipass to know what your user has access to, and what should be prevented.

Long-term we have some ideas on how to work around that:

the socket will be world-accessible, but you’ll need an access token
“server side” mounts will become privileged
we’ll introduce “client side” mounts, where the source side of the mount runs with your user’s privileges
for VM drivers that don’t require admin privileges, we’re thinking of introducing a “user” instance of Multipass

Hope this helps.

jim23 · January 13, 2021, 2:52pm

Thanks for your reply. I understand now. I think Multipass is a great tool!