Open rustybird opened 1 year ago
Qubes OS is a single-user operation system.
Maybe you can consider using a generic user
username, as it is a case for all other qubes? It will solve your issue (feature request) if I am getting it right, the name of the output also will be exactly dom0-home/user.000.enc
as you want.
Qubes OS is a single-user operation system. Maybe you can consider using a generic
user
username, as it is a case for all other qubes? It will solve your issue (feature request) if I am getting it right, the name of the output also will be exactlydom0-home/user.000.enc
as you want.
True, but many users like to customize their systems and use their own custom names for things. We've even had users request the ability to change the name user
in domUs, so they'd almost certainly consider the loss of the ability to customize the dom0 username to be a feature regression. Nonetheless, that doesn't mean it would be the wrong move. It just means it wouldn't be free of consequences.
Qubes OS release
Any
Brief summary
If a backup is created (with the Qubes Backup GUI or the
qvm-backup
CLI) that includes the dom0 home, the backup file contains the dom0 username in cleartext.Although this username is already not treated as confidential information in a local context - it's displayed on the default X11 lockscreen - putting it into a backup file can unnecessarily link the file to somebody who e.g. uploaded it anonymously to a cloud storage provider.
The username should be replaced, similar to how the unencrypted outer layer of the backup file replaces a VM's name by the fixed string
vm
+ the VM's numericalqid
property. The restore code would still be able to get the real username from the innermost (encrypted) tar archive, or it could be added to the (also encrypted)qubes.xml
if that's easier to implement.Steps to reproduce
Expected behavior
tar
printing something likeActual behavior