So I decided it’s enough talking and it’s time to get straight to the action.
Time to remove
sudo and install
NOTE:: I am using KVM port of Whonix made by @HulaHoop
To reliably test, I am going to start by only replacing
sudo from Workstation.
I first looked up
doas package in bookworm, noticed it is a transitional package for
So I installed
OFF-TOPIC:: As it installed, apt told me there is a package called
busybox which is installed and no longer needed, potentiality room for improvement here ? @HulaHoop consider removing
busybox since we already have all gnu tools installed, makes no sense to have it really.
And would love if @patrick checked on Virtualbox to confirm / deny
busybox package being installed by default
Back to topic:
opendoas by first making a directory
/etc/doas.d/ then inside I create
doas.conf with the following content:
# This will allow users in the wheel group to use doas.
permit persist :wheel
Then I make a symlink in
ln -s /etc/doas.d/doas.conf /etc/doas.conf
I then ran the command
groups to show what groups I am apart of, and received the following:
user cdrom sudo audio dip plugdev users console ssh debian-tor
I was baffled at first why my user is not part of the
wheel group but I guess whonix uses the
sudo group instead? Is it a security risk to add myself to the
wheel group and remove
sudo from my user ?
Anyway I went back again and edited
/etc/doas.conf to edit
permit persist :sudo
For your information,
persist means cache creditenels so you only have to type password once in a terminal, but if you close terminal and try in another one you must enter password again. Same exact behavior which is done by
Bam, it all works extremely well!
Now back to the big guns, before I remove the
sudo package, I took a look at
/etc/sudoers.d/ files to confirm that
Whonix does not use any kind of special configuration for it.
Turns out it does but I decided to go the reverse engineer way. I simply backed up the original sudoers files, then I wrote
doas apt remove sudo
Then I got the following:
The following packages will be REMOVED:
anon-ws-disable-stacked-tor apparmor-profile-dist apparmor-profiles-kicksecure
bootclockrandomization dist-base-files helper-scripts kicksecure-default-applications-cli
kicksecure-dependencies-cli kicksecure-dependencies-system kicksecure-desktop-applications-xfce
kicksecure-recommended-cli legacy-dist msgcollector msgcollector-gui non-qubes-audio
non-qubes-vm-enhancements-cli non-qubes-vm-enhancements-gui non-qubes-whonix-workstation-cli
non-qubes-whonix-workstation-xfce open-link-confirmation repository-dist sdwdate sdwdate-gui
security-misc setup-dist setup-wizard-dist sudo swap-file-creator systemcheck tb-default-browser
tb-starter tb-updater usability-misc vm-config-dist whonix-base-files whonix-firewall
I immediately did “N” to prevent everything from being removed , what’s up with that? why it pulled all these packages ?