/usr/lib/whonix-firewall/firewall50user which calls
sudoedit /etc/whonix_firewall.d/50_user.conf. The latter does not have a sudoers exception. And probably should not have one anyhow. Since started from start menu (GUI), sudoedit will not ask for password. And we’re not using
-A / askpass option.
I don’t think anyone accept ssh-askpass is using sudo aspass option.
This would work:
sudo apt install ssh-askpass
sudoedit -A /etc/something
We could write a nicer zenity wrapper to ask for the password.
zenity --title "something" --password
zenity is too limited. Couldn’t show a custom message. And inventing this from scratch seems a lot work.
But probably this would be better:
lxsudo env VISUAL="$VISUAL" sudoedit /etc/whonix_firewall.d/50_user.conf
Has a more familiar, consistent GUI. Designed for purpose of password entry and showing the actual command.
Would it be a problem that
sudoedit is run as root (through