ZuluCrypt not working in user session

I cannot run zuluCrypt-GUI from “user”.

Using VirtualBox 7.1.8 and Whonix 17.3.9.9

First I got this error:

                    Failed To Start Helper Application.

"org.zulucrypt.zulupolkit.policy" polkit file is misconfigured,
                zuluPolkit executable could not be found
                      or pkexec failed to start zuluPolkit.

The workaround from here: /t/cannot-use-pkexec/8129/16 did not work, however this post led me to give pkexec setuid permissions which is apparently required.
After this change ZuluCrypt started working from the “sysmaint” user, however with the “user” user I get this error:

[workstation user ~]% zuluCrypt-gui 
==== AUTHENTICATING FOR org.zulucrypt.zulupolkit ====
Authentication is required to complete requested operation.
Authenticating as: ,,, (user)
==== AUTHENTICATION FAILED ====
2 Likes

Your options are documented here:
Applications requiring Administrative Rights during User Session

(Whonix is based on Kicksecure)

1 Like

I have the same problem. Someone can write instructions on how to make it so that I can run through the user - zuluCrypt. For example, what do I need, what privleap custom actions do I need to do. Thanks.

1 Like

Duplicate:

2 Likes

Can you provide an example of commands specifically for Zulucrypt in the wiki, please? :pray: I think this is the main issue users face in the user session. For beginners, this problem is quite challenging. I am new to Whonix and Linux, and I am having trouble with Zulucrypt. Or does this not work for a single program? Thank you.

1 Like

Not planned.

1 Like

Oi,

I encountered the following error when running ZuluCrypt-GUI as the standard user:

org.zulucrypt.zulupolkit.policy polkit file is misconfigured,
zuluPolkit executable could not be found
or pkexec failed to start zuluPolkit

Root cause:
/usr/bin/pkexec had lost its set-UID root bit, preventing Polkit from elevating privileges to launch the zuluPolkit helper under an unprivileged account.

Action taken:

sudo chown root:root /usr/bin/pkexec
sudo chmod 4755    /usr/bin/pkexec

Result:
Restoring the SUID bit on pkexec allowed Polkit to operate as intended, and ZuluCrypt-GUI now launches correctly for user.

Security note:
pkexec is designed to be set-UID root in Polkit’s security model. Returning these permissions to their original state does not weaken system security.

I might be wrong, but it works for me and bring back ZuluCrypt-GUI functionality like in old Whonix releases.

1 Like

This is by design. See:

pkexec being non-SUID is the security model of user-sysmaint-split.

No Access to Privilege Escalation Tools for Limited Accounts

2 Likes

I see. So, what is the official solution for users to run Zulucrypt GUI without uninstalling the Sysmaint solution? I mean, I don’t need the SysMain option, so I’ve removed it, but I’m curious to know how someone who doesn’t uninstall it can use ZulucryptGUI.

1 Like

The only available answer is this one:

2 Likes

Cool, thanks, privleap looks ok. Thanks for sharing.

1 Like