I'm about to start setting up some KVM-based virtual machines that will be used in a production system on an Ubuntu 10.04 LTS server and I'm not sure which user to run them as. In my tests, I ran them as the user I set up during the Ubuntu installation, but would I be better off running them as root or under a separate user account, like how slapd runs as user openldap?
답변1
You should opt for the principle of least privilege.
Your VMs don't need to run as root; so they shouldn't run as root. Ideally, you'd attempt to further segregate your VMs from each other, but there's very limited tool support for that (e.g.: keeping LVM VGs for particular user groups).
Run your VMs under some separate user account.