[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Why have root user


#1

Why does Whonix have a regular user and also a root user? This adds to complexity without clear benefits, the regular user can gain root privileges with sudo. Doesn’t disabling the root account improve security? In Ubuntu this is the default.

Related Whonix installation from default password to user password
Looks abandoned https://www.whonix.org/wiki/VFAQ


#2

Whonix is not a multi-user system like ubuntu. So there should be no problem from other users gaining root privileges. If Whonix Workstation was compromised, it would only be a matter if time before the sudo password was sniffed by the attacker.

Related:

https:/forums.whonix.org/t/why-whonix-have-sudo-threat/3677


#3

fish:

This adds to complexity without clear benefits

Disabling the root account also adds complexity without clear benefits.


#4

Could you give an example of how the absence of a root account would make using Whonix more complex? Sudo would allow you to do everything. For one user one account looks like the simplest option to me, but I’m open to more informed opinions.


#5

Hi fish

Removing the root account would have no clear benefit. But can do this if you like. It will be up to you to figure out how.


#6

Indeed. Dumbing down GNU/Linux into the same way a non-rooted Android phone functions will just make using your system a PITA and won’t necessarily stop people who know what they are doing from hosing your system.

On a orthogonal subject, I’m in favor of the sudoless desktop too because there is little it can do to stop someone who has remote access to your system anyway.


#7

fish:

Could you give an example of how the absence of a root account would make using Whonix more complex?

One more thing to implement (code to maintain that can break) (doing
this for new and updated builds), to justify, document and then
constantly being questioned and debated.

What could make sense for both Whonix, Qubes-Whonix and Debian generally
would be a root lockdown package that stops both sudo and root.

  • In Qubes: being activated by qvm-service mechanism
  • Outside of Qubes: not sure, perhaps being activated by kernel parameter?

Feel free to implement one.

Alternatively, feel free to document sudo/root lockdown.


#8

I understand. In Debian if no password is provided during install for root it is disabled and sudo is installed. For introducing this into Whonix that could be useful because there’s nothing to implement, just a different step when making the image.

Don’t you need one of them to administer the computer?


#9

fish:

I understand. In Debian if no password is provided during install for root it is disabled and sudo is installed. For introducing this into Whonix that could be useful because there’s nothing to implement, just a different step when making the image.

Debian base raw images which are later converted to Whonix are created
using grml-debootstrap, not Debian installer. Using Debian installer and
then distribute it would be bad. Not comparable.

Don’t you need one of them to administer the computer?

I don’t understand the question.


#10

Are you not saying root and sudo would both be disabled? How would the computer be administered?


#11

fish:

Are you not saying root and sudo would both be disabled? How would the computer be administered?

Kernel boot parameter as mentioned above.


#12

I must have misunderstood. Regardless of how the image is built how would a user administer the workstation or gateway if there was no access to the root account and no sudo?

As it stands there are four accounts in Whonix, two in each VM. If a user made the password of all four the same, how bad would that be? I don’t see a problem in having the same password for root and regular user in the same VM at all, because both can do the same stuff given sudo. If I’m wrong about the last point please correct me.


#13

fish:

[quote=“Patrick, post:7, topic:5199”] stops both sudo and root
[/quote] I must have misunderstood. Regardless of how the image is
built how would a user administer the workstation or gateway if there
was no access to the root account and no sudo?

It would be an optional package to be installed later.

If installed: have a kernel boot parameter (chosen at grub boot menu)
that re-enables some sort of administrator (sudo and/or root account).

As it stands there are four accounts in Whonix, two in each VM. If a
user made the password of all four the same, how bad would that be? I
don’t see a problem in having the same password for root and regular
user in the same VM at all, because both can do the same stuff given
sudo. If I’m wrong about the last point please correct me.

Please move this part to a new forum subject.