Closed peakunshift closed 7 months ago
The reasoning is: only install when strictly needed,
I am trying to harden against a machine with root having trying to attack Xen. A Qrexec dialog for sudo authorization does not help anything, only gives false sense of security. This is why I opted for no unprivileged user with superuser rights.
Easier control of VMs by having sudo privileges.
I understand the usability issues:
qvm-run -u root --service QUBE qubes.StartApp+qubes-run-terminal
For the GUI, you can solve with a desktop shortcut (I don't provide any).
For the CLI, I provide the qvm-terminal script: qvm-terminal -u root tpl-media
. You can make it shorter: alias qtr="qvm-terminal -u root"
, qtr tpl-media
.
Okay I understand, the command is annoying to type but with your CLI it makes it easier, and better to have non-privileged user this way!
https://github.com/ben-grande/qusal/issues/18#issuecomment-1959891160 Nice, can this be moved to the project? So no need to install something new, and limiting the amount of dom0 modifications is better to respect QubesOS security philosophy.
I will do the same here, move qvm-terminal
to Qusal /usr/bin
.
Okay I understand, the command is annoying to type but with your CLI it makes it easier, and better to have non-privileged user this way!
If you want to have passwordless root, install in the minimal templates debian-12-minimal
and fedora-39-minimal
before applying the other formulas, as the other templates are clone of these, they will have passwordless root also.
To be sure you don't have the dotfiles scripts in your way, remove them from $HOME/.local/bin/dom0
on dom0:
rm -f ~/.local/bin/dom0/qvm-{terminal,file-manager,copy-to-dom0}
and fetch the new commits before applying the states.
I won't provide migration guides for breaking changes such as this in this stage, as they may happen frequently in this stage of development.
Commitment
I confirm that I have read the following resources:
[x] How to ask questions The Smart Way
[x] Writing the perfect question
[x] Question checklist
[x] Could you please make my preference the defafault?
Current problem (if any)
Minimal templates does not have
qubes-core-agent-passwordless-root
installed. This makes more difficult to update them when necessary (install new packages in templates, temporary add configurations in a dispVM for testing purpose, etc).Is there a specific reason why it has not been done?
Proposed solution
As explained in the official QubesOS documentation, install
qubes-core-agent-passwordless-root
by default indebian-minimal
andfedora-minimal
.The value to a user, and who that user might be
Easier control of VMs by having
sudo
privileges.