Use virt-manager as a non-root user on Linux

Posted on 223 views

Hello all. I’ve been using KVM for a long time now. Every time I try to use virt-manager as a non-root user, I have to enter the sudo password. This ain’t a problem but if you use virt-manager most of the times, it can be boring and irritating.

For KVM installation, refer to our guides below.

How to install KVM on RHEL/CentOS 8Fedora, Arch LinuxCentOS, Ubuntu/Debian, SLES

I’ll show you a simple way to use virt-manager as a non-root user, by just creating a libvirt group and adding a standard user account to it. Without wasting much time, let’s dive in.

To use virt-manager as a non-root user, follow steps below:

Step 1 – Create unix group to use

First check if group already exist, if not create it

sudo getent group | grep libvirt

Some distributions may be using libvirtd.

sudo getent group | grep libvirtd

If it doesn’t exist, add it as system group.

sudo groupadd --system libvirt

Step 2 – Add user account to the libvirt group

Now that the group is available, add your user account to the group.

sudo usermod -a -G libvirt $(whoami)
newgrp libvirt

Verify that user is added to libvirt group.

$ id $(whoami)
uid=1000(jmutai) gid=1000(jmutai) groups=1000(jmutai),998(wheel),992(kvm),988(storage),968(libvirt),108(vboxusers)

Step 3 – Edit libvirtd configuration file to add group

Open the file /etc/libvirt/libvirtd.conf for editing.

sudo vim /etc/libvirt/libvirtd.conf

Set the UNIX domain socket group ownership to libvirt, (around line 85)

unix_sock_group = "libvirt"

Set the UNIX socket permissions for the R/W socket (around line 102)

unix_sock_rw_perms = "0770"

Restart libvirt daemon after making the change.

sudo systemctl restart libvirtd.service

Check service status.

$ systemctl status libvirtd.service    
 ● libvirtd.service - Virtualization daemon
    Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: disabled)
    Active: active (running) since Fri 2019-04-19 08:48:13 EAT; 1h 16min ago
      Docs: man:libvirtd(8)
  Main PID: 31709 (libvirtd)
     Tasks: 26 (limit: 32768)
    Memory: 64.7M
    CGroup: /system.slice/libvirtd.service
            ├─  754 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leases>
            ├─  755 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leases>
            ├─  777 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/docker-machines.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvir>
            ├─  778 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/docker-machines.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvir>
            ├─25924 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/vagrant-libvirt.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvir>
            ├─25925 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/vagrant-libvirt.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvir>
            ├─25959 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/fed290.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leasesh>
            ├─25960 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/fed290.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leasesh>
            └─31709 /usr/bin/libvirtd

Step 4 – Launch virt-manager

Start Virtual Machine Manager from the command line or your Start menu.

$ virt-manager

You should be able to create a VM without getting a permission error.


You should be able to use virt-manager as a non-root user. If not, try to read your libvirtd.conf file to see the relevant sections to modify.


We’ve covered how to use virt-manager as a non-root user in easy to follow steps. You may have to install KVM virtualization package group to get tools including virt-manager.


Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.