/usr/share/applications/whonix-firewall50user.desktop
calls /usr/lib/whonix-firewall/firewall50user
which calls sudoedit /etc/whonix_firewall.d/50_user.conf
. The latter does not have a sudoers exception. And probably should not have one anyhow. Since started from start menu (GUI), sudoedit will not ask for password. And we’re not using -A
/ askpass option.
I don’t think anyone accept ssh-askpass is using sudo aspass option.
This would work:
sudo apt install ssh-askpass
export SUDO_ASKPASS=/usr/bin/ssh-askpass
sudoedit -A /etc/something
We could write a nicer zenity wrapper to ask for the password.
zenity --title "something" --password
zenity
is too limited. Couldn’t show a custom message. And inventing this from scratch seems a lot work.
But probably this would be better:
lxsudo env VISUAL="$VISUAL" sudoedit /etc/whonix_firewall.d/50_user.conf
Has a more familiar, consistent GUI. Designed for purpose of password entry and showing the actual command.
Would it be a problem that sudoedit
is run as root (through lxsudo
)?