diff --git a/etc/group b/etc/group
--- a/etc/group
+++ b/etc/group
@@ -34,5 +34,6 @@
 _ypldap:*:160:
 hast:*:845:
 tests:*:977:
+vmm:*:978:
 nogroup:*:65533:
 nobody:*:65534:
diff --git a/sys/dev/vmm/vmm_dev.c b/sys/dev/vmm/vmm_dev.c
--- a/sys/dev/vmm/vmm_dev.c
+++ b/sys/dev/vmm/vmm_dev.c
@@ -1025,8 +1025,8 @@
 	make_dev_args_init(&mda);
 	mda.mda_devsw = &vmmdevsw;
 	mda.mda_cr = sc->ucred;
-	mda.mda_uid = UID_ROOT;
-	mda.mda_gid = GID_WHEEL;
+	mda.mda_uid = cred->cr_uid;
+	mda.mda_gid = GID_VMM;
 	mda.mda_mode = 0600;
 	mda.mda_si_drv1 = sc;
 	mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
@@ -1199,7 +1199,7 @@
 
 	sx_xlock(&vmmdev_mtx);
 	error = make_dev_p(MAKEDEV_CHECKNAME, &vmmctl_cdev, &vmmctlsw, NULL,
-	    UID_ROOT, GID_WHEEL, 0600, "vmmctl");
+	    UID_ROOT, GID_VMM, 0660, "vmmctl");
 	if (error == 0)
 		pr_allow_flag = prison_add_allow(NULL, "vmm", NULL,
 		    "Allow use of vmm in a jail.");
@@ -1350,8 +1350,8 @@
 	make_dev_args_init(&mda);
 	mda.mda_devsw = &devmemsw;
 	mda.mda_cr = sc->ucred;
-	mda.mda_uid = UID_ROOT;
-	mda.mda_gid = GID_WHEEL;
+	mda.mda_uid = sc->ucred->cr_uid;
+	mda.mda_gid = GID_VMM;
 	mda.mda_mode = 0600;
 	mda.mda_si_drv1 = dsc;
 	mda.mda_flags = MAKEDEV_CHECKNAME | MAKEDEV_WAITOK;
diff --git a/sys/sys/conf.h b/sys/sys/conf.h
--- a/sys/sys/conf.h
+++ b/sys/sys/conf.h
@@ -160,6 +160,7 @@
 #define		GID_ID_PRIO	48
 #define		GID_DIALER	68
 #define		GID_U2F		116
+#define		GID_VMM		978
 #define		GID_NOGROUP	65533
 #define		GID_NOBODY	65534