Search the VMware Knowledge Base (KB)
View by Article ID

Usage and security considerations of the _vmware_ group in VMware Workstation and VMware Player (2089333)

  • 4 Ratings

Purpose

This article describes the use case and security considerations of the _vmware_ group that is created when installing VMware Workstation and VMware Player.

Resolution

By default, VMware Workstation and VMware Player use the VMware Authorization Service (also known as authd) for privileged operations. This service eliminates the need for system administrators to grant administrative privileges to their users so that they can run virtual machines.

The _vmware_ group is an alternative for administrators who prefer to directly grant their users the privileges they need to run virtual machines instead of using the authd service. No users are added to this group by default.

The _vmware_ group is similar in concept to the Windows 2000/XP built-in Power Users group. Both groups provide increased privilege which prevents accidental misuse but could be exploited by malicious software to gain full Administrator access.
 
The _vmware_ group has very high level permissions by design. These privileges can be exploited to traverse some of the customary security boundaries of the host OS, such as read kernel memory, crash the system, etc. Users in the _vmware_ group effectively have administrative privileges.

VMware recommends using the default configuration, which leverages the VMware Authorization Service (authd) for privileged operations. Only add a user to the __vmware__ group if you do not want to run the VMware Authorization Server and are willing to accept the security tradeoffs for adding a user to this group.

VMware would like to thank Matt Bergin of KoreLogic Security, Inc. for working with us on documenting this issue.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 4 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 4 Ratings
Actions
KB: