Index: vws ================================================================== --- vws +++ vws @@ -382,10 +382,11 @@ return 1 for i in drives: os.rename(i, newnames[i]) os.system("qemu-img create -f qcow2 -b \"%s\" \"%s\"" % (newnames[i], i)) + os.chmod(i,0664) return 0 def cmd_snapshots(options): """ vws snapshots - list existing snapshots """ os.chdir(options.dir) @@ -435,10 +436,11 @@ continue # Unlink current image os.unlink(drive) # create new image with same backing file os.system('qemu-img create -f qcow2 -b "%s" "%s"' % (backing, drive)) + os.chmod(drive,0664) def cmd_commit(options): """ Commits last snapshot changes into it's backing file There would be one snapshot less for virtual machine @@ -519,11 +521,12 @@ if [ "$1" = '-cdrom' ]; then shift CDROM=",file=$1" shift fi - +#set umask to make machine group-accessable +umask 002 {qemubinary} -name $NAME {accel} \\ -m {memory} \\ {drive} \\ {cdrom}$CDROM \\ {net} \\ @@ -538,10 +541,11 @@ -device ich9-usb-ehci1,id=usb \\ -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,multifunction=on \\ -chardev spicevmc,name=usbredir,id=usbredirchardev1 \\ -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1 \\ -daemonize -pidfile pid +chmod 0660 monitor pid """ def cmd_create(parsed_args): """ vws create - create new VM """ BADSIZE = "Invalid size of %s specifed %s. Should have K, M or G suffix" @@ -563,11 +567,11 @@ "usb":"-usb"} macaddr = ":".join(["%02x" % ord(x) for x in chr(0x52) + os.urandom(5)]) if parsed_args.shared: machinedir = os.path.join(config.get("directories", "SharedVMs"), parsed_args.machine) - dirmode = 0755 + dirmode = 0775 else: machinedir = os.path.join(os.environ["HOME"], "VWs", parsed_args.machine) dirmode = 0775 
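Review bot: `os.chmod(i,0664)` runs without checking whether the preceding `os.system("qemu-img create ...")` succeeded, so a failed image creation surfaces as an unhandled OSError traceback from chmod instead of the `return 1` this function uses for errors. Testing the status first, e.g. `if os.system(...) != 0: return 1`, keeps the failure path explicit. The same pattern recurs at `os.chmod(drive,0664)` in the @@ -435 hunk and `os.chmod(drivename,0664)` in the @@ -627 hunk. Mode 0664 also leaves each disk image readable by every local account, so `0660` is worth considering if only group sharing is intended. The enclosing function starts above this hunk.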
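Review bot: `umask 002` in the start script and `os.umask(002)` in the @@ -790 hunk appear to apply to every machine, not only shared ones, so files created for a private VM under $HOME/VWs also become group-writable and world-readable. How exposed that is depends on the user's primary group, which the diff does not show; where users share a primary group, other members would get write access to private machines. Consider relaxing the umask only when the machine directory is under SharedVMs, and using `007` rather than `002` if non-members need no read access. The template string begins and ends outside this hunk.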
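Review bot: With `chmod 0660 monitor pid` as the last command, the script's exit status is now chmod's rather than qemu's, so a failed start can be reported as success if `monitor` and `pid` are left over from an earlier run. Chaining it to the qemu invocation, `-daemonize -pidfile pid && chmod 0660 monitor pid`, keeps qemu's failure visible. This assumes the script does not already run under `set -e`; its header is outside the hunk.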
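Review bot: Both branches now assign `dirmode = 0775`, so the value no longer depends on `parsed_args.shared`; setting it once before the `if` would make that explicit. If private machines under $HOME/VWs are meant to stay tighter than shared ones, this is the place to give them a narrower mode such as `0750`. cmd_create continues outside this hunk.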
@@ -609,10 +613,17 @@ print >> sys.stderr, ("Cannot create VW directory, " + "something on the way") sys.exit(1) # Creating directory for VM os.makedirs(machinedir, dirmode) + if parsed_args.shared: + import grp + gid=grp.getgrnam(config.get("permissions","vm_group")).gr_gid + uid=os.getuid() + os.chown(machinedir,uid,gid) + if config.getboolean("permissions","setgid_vm"): + os.chmod(machinedir,02775) driveopts = {"interface":parsed_args.diskif, "image":drivename} if parsed_args.install: install_image = os.path.abspath(parsed_args.install) if parsed_args.image: @@ -627,11 +638,11 @@ else: print >>sys.stderr, "Creating new image file of %s" % parsed_args.size os.chdir(machinedir) os.system("qemu-img create -f qcow2 %s %s" % (drivename, parsed_args.size)) - + os.chmod(drivename,0664) # pylint: disable=star-args options["drive"] = options["drive"].format(**driveopts) if hasattr(parsed_args, "debug") and parsed_args.debug: print repr(driveopts), repr(options["drive"]) print repr(options) @@ -680,10 +691,14 @@ config.set('create options', option, value) config.add_section('tools') config.set('tools', 'viewer', 'remote-viewer %s') config.set('tools', 'bridge_list', '/sbin/brctl show') config.set('tools', 'lsusb', 'lsusb') +config.add_section('permissions') +config.set('permissions','vm_group','kvm') +config.set('permissions','autostart_user','root') +config.set('permissions','setgid_vm','yes') # Read configration files config.read(['/etc/vws.conf', os.environ['HOME'] + '/.vwsrc']) # Parse argument args = ArgumentParser(description="Manage Virtual Workstations") cmds = args.add_subparsers(dest='command', help="sub-command help") 
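Review bot: `grp.getgrnam(...)` raises KeyError when the configured `vm_group` does not exist and `os.chown` raises OSError when the caller is not a member of that group, and neither is handled after `os.makedirs` has already created the directory. The user then gets a traceback and a half-created machine directory with default ownership. Catching both and exiting with a message, as the surrounding code does for the directory-creation failure, would make the misconfiguration clear. cmd_create continues outside this hunk.

```python
    # … unchanged: os.makedirs(machinedir, dirmode) …
    if parsed_args.shared:
        import grp
        groupname = config.get("permissions", "vm_group")
        try:
            gid = grp.getgrnam(groupname).gr_gid
            os.chown(machinedir, os.getuid(), gid)
        except (KeyError, OSError) as ex:
            print >> sys.stderr, ("Cannot assign %s to group %s: %s" %
                                  (machinedir, groupname, ex))
            sys.exit(1)
        if config.getboolean("permissions", "setgid_vm"):
            os.chmod(machinedir, 02775)
    # … unchanged: driveopts setup …
```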
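Review bot: The built-in default `config.set('permissions','autostart_user','root')` disagrees with the shipped vws.conf, which sets `autostart_user = kvm`, so an installation whose config lacks that key would fall back to root. The code that consumes `autostart_user` is not in this diff, but if it selects the account autostart VMs run under, an unprivileged default is the safer choice, e.g. `config.set('permissions','autostart_user','kvm')`.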
@@ -790,10 +805,11 @@ p = new_command(cmds, 'monitor', help='connect stdin/stdout to monitor of VM') p = new_command(cmds, 'spiceuri', help='Output spice URI of machine') parsed_args = args.parse_args(sys.argv[1:]) +os.umask(002) # Create command is totally different, so it is handled separately if parsed_args.command == 'create': cmd_create(parsed_args) sys.exit(0) @@ -816,12 +832,13 @@ print >>sys.stderr, ("Virtual machine %s is not running." % parsed_args.machine) sys.exit(1) else: parsed_args.stopped = True + try: func(parsed_args) finally: if hasattr(parsed_args, 'sock') and parsed_args.sock is not None: parsed_args.sock.shutdown(socket.SHUT_RDWR) parsed_args.sock.close() Index: vws.conf ================================================================== --- vws.conf +++ vws.conf @@ -2,15 +2,28 @@ SharedVMs=/home/virtual/vws/shared AutostartVMs=/home/virtual/vws/autostart [tools] viewer=remote-viewer %s bridge_list=/sbin/brigectl show -lsusbh=lsusb +lsusb=lsusb +[permissions] +# User name of user which owns processes of autostart VM +# Should be member of group which is able to access KVM device. +autostart_user = kvm +# Group all shared VM belongs to. Probably should be same group which +# owns kvm device. Note that shutdown command knows how to stop private vms of +# members of these groups +vm_group = kvm +# True (yes, on) if directories of new shared VMs should be created setgid. +# This normally would make snapshots and other auxillary files owned by +# shared_vm_group and accessable for all users. Set to false if your +# file system has another sematics of setgid bit on directories. +setgid_vm = yes [create options] net=user size=20G mem=1G -# vws would compute default arch for at least i385, x86_64 and arm +# vws would compute default arch for at least i386, x86_64 and arm # arch=i386 sound=hda vga=qxl diskif=virtio
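Review bot: The comment on `setgid_vm` refers to `shared_vm_group`, but the key defined just above it is `vm_group`; naming the real key avoids someone setting an option the code never reads. The unchanged line `bridge_list=/sbin/brigectl show` also still differs from the built-in default `/sbin/brctl show` visible in the vws hunk at @@ -680, and it overrides that default once this file is read, so it looks like a typo of the same kind as the `lsusbh` one fixed here. The `autostart_user` comment could state that the account should be unprivileged, e.g. `# Unprivileged user that owns processes of autostart VMs`.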