Whonix-Host Operating System (OS) ISO

https://github.com/Whonix/Whonix/blob/master/build-steps.d/1800_copy_vms_into_raw#L35

old:

   $CHROOT chmod -v -R 444 "/var/lib/libvirt/images/Whonix-Gateway.qcow2"
   $CHROOT chmod -v -R 444 "/var/lib/libvirt/images/Whonix-Workstation.qcow2"

chmod 444 meaning read allowed for owner, group, public.
(As per https://chmod-calculator.com/.)

Would chmod 440 (public cannot read the images) be better? In other words, why should all users on the system be able to read these images? Or is that the default?

I also find octal hard to work with. The following is much easier to understand:

  • chmod u (user/owner)
  • chmod g (group)
  • chmod o (others)

Therefore changed from octal to symbolic:

   $CHROOT chmod --verbose --recursive ugo-r "/var/lib/libvirt/images/Whonix-Gateway.qcow2"
   $CHROOT chmod --verbose --recursive ugo-r "/var/lib/libvirt/images/Whonix-Workstation.qcow2"

This is related to fixing ⚓ T914 Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.