Help editing sys-net for VPN connection

Contents/vpn.md at master · Qubes-Community/Contents · GitHub emphasized text

I am following the above guide to integrate a sys-net vm dedicated for a single vpn connection. The guide calls this section, “Set up a ProxyVM as a VPN gateway using NetworkManager”.

When I get to step 4, and attempt to edit /rw/config/rc.local
and add lines to the file, I cannot do so bc qubes does not allow root user. This is intentional for security reasons as far as I know. The guide does not mention how I circumvent this when telling me to edit the files, which is strange and I am sure other users have much confusion with these guides.

Q: How to execute file modifications without allowing/breaking root security privileges?
Q: Can I live without these two modifications of text files?
Q: How often do failures occur when using VPN’s connected through a dedicated ProxyVM? Is failsafe necessary?

Thank you to QubesOS Community here on Discourse

It’s not that Qubes does not allow root user - by default you can easily
use sudo su to get a root prompt, or edit files using sudo vi...
If you are using a minimal template, or have removed the passwordless
root package, you can still get root, by running
qvm-run -u root <qube> xterm

I haven’t checked that text, but almost certainly you will want the
entry in /rw/config/rc.local.
Failsafe is essential if your security stance in the relevant qubes
requires use of a proxy. That’s for you to judge.

So I can use

sudo vi <textfileheader.txt>

to open the file with root privleleges…and then I can just edit it like a normal file and save it? Seems much easier than I thought i guess

Indeed