Alright. Let’s change that anyhow please to avoid confusion and maybe just in case?
This is expected. To elaborate, when user
user runs “sudo something” the user should be prompted for the password. If the password is correct, the command would run as root.
This might change in future when multiple boot modes for better security: persistent user | live user | persistent admin | persistent superadmin | persistent recovery mode is implemented.
Your screenshot shows that running
id that user
user is a member of group
sudo. This is expected as of now. Same as in Whonix VMs.
Untrusted Root - improve Security by Restricting Root is a development goal but not yet implemented.
Whonix (or Kicksecure) Host for now same as
18.104.22.168.4 gw/ws VMs.
Makes me wonder if
whonix-libvirt is the correct place to implement Whonix calamares settings.
whonix-libvirt.hide currently hides
/etc/lightdm/lightdm.conf.d/whonix-autologin.conf. Therefore disables autologin.
- Whonix-Host installed should not have autologin. That’s why above line.
- Whonix-Host iso should have autologin.
These are somewhat conflicting goals. Debian solves that by uninstalling package calamares-settings-debian at the end of calamares. We can’t do that because whonix-libvirt does other things which still need to be done in Whonix-Host installed.
Solution 1) Have a systemd unit file that detects being run from iso that creates the required file to auto login.
Solution 2) a separate package calamares-settings-whonix which is only installed on Whonix-Host iso but not in Whonix-Host installed.
What do you think?
There’s a package whonix-base-files for that already. That’s likely missing in Whonix-Host.
That’s because Whonix-Host does not depend yet on
- Pre-Depends: whonix-legacy
- Depends: whonix-base-files, anon-apt-sources-list, whonix-firewall, whonixsetup,
Fixed in git master just now: