Issue creating shared directory between host and guest reminds me… chmod 777 /home/user/shared isn’t a great. Security issue and usability issue.
As per https://chmod-calculator.com/ 777 allow public (i.e. any linux user account including those not having business there on the system) to read, write, execute files from that folder.
Is there some more canonical way to set up shared folders with KVM?
[1] Under which user is KVM attempting to write to shared folders?
[1] Under which group is KVM attempting to write to shared folders?
Perhaps better to create a folder elsewhere owned by that user [1] and group [2]?
I guess libvirt:kvm?
Then user user on the host should be able to read/write files there since Whonix KVM instructions currently include
sudo addgroup "$(whoami)" libvirtsudo addgroup "$(whoami)" kvm
anyhow?
Then permissions to that folder could be hardened.
chmod --recursive **o**-rwx
o
others
users who are neither the file’s owner nor members of the file’s group
- remove
rwx - read, write, execute
I.e. remove read, write, execute for others, i.e. no other user account than owner (u) and group (g) can read, write, execute there.
Then perhaps “the ultimate set” of commands could be provided that 100% made sure that all permissions are fine no matter how much the user messed that up.
sudo mkdir -p /shared
sudo chown --recursive libvirt:kvm /shared
sudo chmod --recursive o-rwx /shared
sudo chmod --recursive ug+rw /shared
/shared (violating FHS, maybe the not shown in some file managers) or /mnt/shared?
/sharedis easier to create and fully control permission wise./mntmore standard conform but then user might mess up permissions of/mntfolder.
Probably also fixable.
sudo mkdir -p /mnt
sudo chown root:root /mnt
sudo chmod o+r /mnt
sudo chmod o+x /mnt