Broken `qrexec-policy-daemon` after messed up `qubes-remote-desktop` installation

Yes. I followed the steps and created a debian based qube remote-admin

Then let me check the commands I ran. It could be that I mistyped something.

Sure. If you need more logs or further information, just let me know.

One thing I noticed was that there was no command called vncpassword after installation.
Just vncpasswd. But I think it’s not related to this issue.

Yes. That was a typo which I just fixed. Thanks!

Ah. I see what the problem might be. Did you perhaps foget to type the .d? It was supposed to be /policy.d/ and not /policy/. And it’s not just this but also /etc/qubes/policy.d/ and not /etc/qubes-rpc/policy/.

Notice the command:

I did not forget it and executed exactly your provided command.
I have deleted the files /etc/qubes/policy.d/30-remote-admin.policy and /etc/qubes-rpc/policy/qubes.ConnectTCP so I don’t know why there is still a reference to remote-admin

Also this command

grep -r 'remote-admin' /etc/qubes/

yields no result.

And now I noticed another issue with the guide. It should have been 5900 and not 5901

Try

grep -r 'remote-admin' /etc/qubes-rpc/

Ahh I did find a difference:

# your command
echo "qubes.ConnectTCP +5901 remote-admin @default allow target=dom0" | sudo tee -  /etc/qubes/policy.d/30-remote-admin.policy
# my command
echo "qubes.ConnectTCP +5901 remote-admin @default allow target dom0" | sudo tee -  /etc/qubes/policy.d/30-remote-admin.policy



Ah. That was it, then! But don’t forget to change +5901 to +5900 in this and the following command

Ahh yes

grep -r 'remote-admin' /etc/qubes-rpc/
/etc/qubes-rpc/policy/-:qubes.ConnectTCP +5901 remote-admin @default allow target dom0

OK. That’s my fault. the tee command shoudn’t have the - dash. I have fixed it in the guide now.

I get

[user@dom0 policy] ll
-rw-r--r-- 1 root root 63 Sep 28 22:58 -
...
So can I savely delete this file?

Yes. You were the one creating with my wrong tee command. And I don’t have it on my Qubes system. So you’re good to go.

It has those permissions because you created it with sudo.

That did it. So the correct command is

echo "qubes.ConnectTCP +5900 remote-admin @default allow target=dom0" | sudo tee /etc/qubes/policy.d/30-remote-admin.policy

?

Yes!

And then the command in 3. also changed.

Allright. In your guide step 1. has a double space between tee and /etc/.... Is this important?

No that shouldn’t matter. I’ve just fixed it now.