madaidan via Whonix Forum:
The bug will probably be fixed in
command-not-foundbefore the umask changes are in the next stable Whonix release.
Unlikely since Whonix now releases more frequently. (Search term:
rolling release.) These changes will make their way into next stable
Whonix release sooner or later. Could be in 1 to 4 weeks.
If not, the workaround should be applied.
Yes.
There likely won’t be many sensitive files created by the root user that isn’t intended to be readable by others anyway.
ssh keys, ssh authorized_keys, ssl keys, /etc/shadow but these are
probably already handled by the system in read permission restricted
for others ways anyhow so hopefully don’t matter.
No, any newly created file will still be readable by other users. Only the files already in the home folder will be protected. The permission lockdown only runs once so it won’t protect any files created after it has run.
No. If the root folder forbids read access, any folder after that
“barrier” will also be inaccessible even though having more relaxed
permissions. Example:
touch /home/user/a
chmod o+r /home/user/a
sudo -u man cat /home/user/a
cat: /home/user/a: Permission denied
The permission lockdown keeps out any non-root out of /home/user.
(Unless root would run sudo chmod o+r /home/user or addgroup or
similar but if they do so, they should be free to do so.)
Please run sudo chmod o-rwx /home/user and then try to make any file
accessible in /home/user by non-root users other than user. (Without
again using chmod directly on /home/user.)