For MacOS, must Multipass be run in an account with Admin privileges?
That is my experience. I would like to run it under a standard account, but it would hang up. I tried to change the access rights to /var/run/multipass_socket, but since I was using a standard account those changes would not stick. If I changed the account to have admin privileges, Multipass will run, I’d just like to confirm that Multipass will not run in a MacOS account that does not have admin privileges
The reason why we currently require admin privileges is that through Multipass you can circumvent file permissions (because you can mount arbitrary paths from the host into the instance).
Multipass itself, generally, needs to run with admin privileges to be able to use the hardware features.
As it stands, there’s no reliable way for Multipass to know what your user has access to, and what should be prevented.
Long-term we have some ideas on how to work around that:
- the socket will be world-accessible, but you’ll need an access token
- “server side” mounts will become privileged
- we’ll introduce “client side” mounts, where the source side of the mount runs with your user’s privileges
- for VM drivers that don’t require admin privileges, we’re thinking of introducing a “user” instance of Multipass
Hope this helps.
Thanks for your reply. I understand now. I think Multipass is a great tool!