What is the purpose of "Libvirt qemu" user?

qemu virtualization 16.04

What is the purpose of "Libvirt qemu" user that is created as non system user when installing some virtualisation package ?

Which package did that exactly ?


It's created by libvirt-bin:

$ grep libvirt-qemu /var/lib/dpkg/info/*.postinst
/var/lib/dpkg/info/libvirt-bin.postinst:# Allocated UID and GID for libvirt-qemu
/var/lib/dpkg/info/libvirt-bin.postinst:    if ! getent passwd libvirt-qemu >/dev/null; then
/var/lib/dpkg/info/libvirt-bin.postinst:            libvirt-qemu
/var/lib/dpkg/info/libvirt-bin.postinst:                chown libvirt-qemu:kvm "${dir}"
/var/lib/dpkg/info/libvirt-bin.postinst:    chown libvirt-qemu:kvm /var/lib/libvirt/qemu/channel/target

And it's a security measure. With services like web servers, mail servers, hypervisors, etc., the service should drop privileges and run as an unprivileged user instead of remaining as root after it has done any necessary initialization. This way, if the service is compromised, the attacker doesn't gain unrestricted root access. For libvirt in particular:

If QEMU virtual machines from the "system" instance are being run as non-root, there will be greater restrictions on what host resources the QEMU process will be able to access.

Related

Error in make install: "cannot copy file"
Can I get visual feedback from copying wth Ctrl+C?
Move characters from the start of filenames to the end (before extension) and add whitespace
How to know the progress of sfill free space wiping process?
Vulkan does not work [closed]
How to sort files order by "type" for all directories?
How to increase sudo lock [duplicate]
apt-get upgrade fails: "guvcview : Depends: libguvcview-2.0-0 but it is not installed" [duplicate]
openconnect network-manager gui options
How do I execute a script after DHCP assigns an IP address on start up?
Adding Android x86 to GRUB2 [closed]
Recovering corrupted m4a recordings