By default, BOINC daemon is started by root and supposedly drops permissions after a bit. However, the CERNVM VirtualBox application cannot run as root, so they recommend running BOINC from a user account that has virtualbox permissions; VirtualBox, on the other hand, will not run as root for security reasons.
I got around this by making BOINC as "user" and moving its $HOME to /home/boinc/ and I don't think I had to change anything (except the /etc/conf.d/boinc file.) I am not using any hardening in the kernel, so that may complicate things. I currently run some 11 projects, including SETI, CERN, Einstein, and World Community Grid. Everything works fine for me. -- G.Wolfe Woodbury [email protected]
