Fresh Whonix install on KVM/virt-manager (Arch Linux host),
no manual changes made after importing the VM.
Both Workstation and Gateway are affected.
– Issues Found –
Issue 1: /etc/sudoers.d has wrong permissions
- Found: 700 (drwx------)
- Should be: 750 (drwxr-x—)
Issue 2: /usr/bin/sudo has wrong group ownership
- Found: -rwsr-x— 1 root sysmaint
- Should be: -rwsr-xr-x 1 root root
- This breaks sudo for ALL users including sysmaint itself
Both issues together mean no user can run sudo at all out
of the box, with no password prompt — instant permission denied.
– What I Did As Workaround –
Since sudo was broken, I used TTY and logged in as root
directly to run system updates (apt upgrade).
After the system update, keyboard input stopped working
in TTY completely, forcing me to find another way to fix
the sudo issue.
Final workaround was:
- Boot into sysmaint session
- Run: sudo sh -c “chown root:root /usr/bin/sudo &&
chmod 4755 /usr/bin/sudo && chmod 750 /etc/sudoers.d”
– Impact –
- Fresh install is completely unusable out of the box
- sudo broken for both user and sysmaint accounts
- System update via TTY broke keyboard input in TTY
- Both Workstation and Gateway affected
Please fix permissions in the base image.