Is it possible to mass copy files from one qube to others without copying to dom0?

If I want to copy a file from dom0 to every template, I can:
qvm-copy-to-vm debian-10 /home/user/qubes_syslog.conf
qvm-run debian-10 "sudo mv /home/user/QubesIncoming/dom0/qubes_syslog.conf /etc/rsyslog.d/"
qvm-copy-to-vm debian-11 /home/user/qubes_syslog.conf
qvm-run debian-11 "sudo mv /home/user/QubesIncoming/dom0/qubes_syslog.conf /etc/rsyslog.d/"
(then fedora-32 and on doing it for each template, iterating through all the templates).

However, if the file is in a qube instead of dom0, I was wondering if there was an equally convenient way to copy it from one qube to all templates without copying it to dom0.

Maybe you could insert a thumb drive, copy the files to it and then assign the drive to each template one by one.

You could use qvm-copy / qvm-move from the VM.


If the file is located in fileqube:Documents/qubes_syslog.conf, you can run this in dom0:

qvm-run -p fileqube 'cat ~/Documents/qubes_syslog.conf' | qvm-run -p -u root debian11 'cat > /etc/rsyslog.d/qubes_syslog.conf'

This way you don’t need to give qubes.VMShell privileges on debian11 to fileqube.

It also works in GUI with a right click in Nautilus. You can copy/move whole folders, too.


I was hoping to avoid having to scroll through the huge list of qubes for each template.

I read this thread and I still don’t know if it’s possible to automate copying files from one Qube to another.

Is there a way to run a series of commands in Dom0 to copy files and folders from one Qube to another without user intervention, and without copying files to Dom0?

Running qvm-copy in the source Qube requires inputting the destination Qube manually. Can this be fully automated and the destination pre-determined?

One possible way to do so is to create a temporary policy file that allows copying from source to destination, and to delete the policy file after copying. I saw it was done in this script: qvm-create-windows-qube/qvm-create-windows-qube at master · elliotkillick/qvm-create-windows-qube · GitHub

However, I read that qvm-copy-to-vm is deprecated and will be removed. Will this method still work with qvm-copy?

Are there other ways to do so?

Unlikely as that would essentially make the qrexec policy redundant.

I generally pipe from a VM to dom0 and then to another VM from there using the “always allow execution from dom0” qrexec policy. That has the security risk of bugs in Linux pipes in dom0.

Modifying the policy has the risk of forgetting to turn it back or the VM misusing its new rights during the time of modification.

Pick your devil yourself.

Of course.
qvm-copy-to-vm is indeed deprecated, but you can replace its
functionality in this case using a policy:
qubes.Filecopy * SOURCE @anyvm allow target=TARGET

This policy will mean that any instance of qvm-copy will be allowed
and the files transferred to TARGET without user intervention.

Armed with that, you can then run qvm-run SOURCE 'cp DIRECTORY' from
dom0.
Remove the policy when done.

The risk here is that while this policy is in place any files may be
transferred from SOURCE - you should probably prune QubesIncoming/SOURCE
to make sure that nothing untoward has been transferred.

Alternatives are to use a shared folder - noted
here - or a utility like
syncthing - packaged for Qubes here.
Either of these will allow for transfers over qrexec, controlled by a
Qubes policy file, and are callable from dom0.

I never presume to speak for the Qubes team. When I comment in the Forum or in the mailing lists I speak for myself.

Thanks @unman for your reply.

I created /etc/qubes-rpc/policy/qubes.Filecopy
The content of the file qubes.Filecopy is one line:

untrusted @anyvm allow target=debian-11

Then I ran the following - not cp but qvm-copy - in Dom0 terminal:

qvm-run untrusted 'qvm-copy file'

And it worked!

Also:

qvm-run untrusted 'qvm-copy folder'

Both file and folder were copied to debian-11. Now after I run this script in Dom0 terminal, I presume I just need to run the following in Dom0 terminal to delete the policy. Right?

rm /etc/qubes-rpc/policy/qubes.Filecopy
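
The temporary-policy approach discussed in this thread, written as a dom0 script that removes the rule on success, on failure and on Ctrl-C, and loops over several targets. This is an added example, not code from any poster or from the Qubes project; the dedicated policy file name under the R4.1+ policy directory, the `QVM_RUN` override and the name check are assumptions of the example.

```shell
#!/bin/sh
# Added example for dom0 (run as root); not code from the thread.
# Assumptions: POLICY_FILE is a hypothetical, dedicated file in the R4.1+
# policy directory, named to sort before the default rules; QVM_RUN can be
# pointed at a stub for a dry run.
POLICY_FILE="${POLICY_FILE:-/etc/qubes/policy.d/10-tmp-filecopy.policy}"
QVM_RUN="${QVM_RUN:-qvm-run}"
created=0

valid_name() {  # conservative qube-name check used by this example
    case "$1" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}

policy_line() {  # the rule quoted in the thread, SOURCE and TARGET filled in
    printf 'qubes.Filecopy * %s @anyvm allow target=%s\n' "$1" "$2"
}

cleanup() {  # remove the rule file only if this script created it
    if [ "$created" = 1 ]; then rm -f "$POLICY_FILE"; created=0; fi
}

copy_with_temp_policy() {  # usage: copy_with_temp_policy SOURCE TARGET PATH
    valid_name "$1" && valid_name "$2" || return 2
    case "$3" in ''|-*|*\'*) return 2 ;; esac   # PATH is single-quoted below
    [ ! -e "$POLICY_FILE" ] || return 2         # never clobber an existing file
    created=1
    policy_line "$1" "$2" > "$POLICY_FILE" || { cleanup; return 1; }
    rc=0
    # -p keeps qvm-run attached until qvm-copy exits, so the rule outlives the copy
    "$QVM_RUN" -p "$1" "qvm-copy '$3'" || rc=$?
    cleanup                                     # runs on success and on failure
    return "$rc"
}

main() {  # usage: main SOURCE PATH TARGET...
    src=$1 path=$2; shift 2
    trap cleanup EXIT; trap 'exit 130' HUP INT TERM   # Ctrl-C also removes the rule
    for t in "$@"; do
        copy_with_temp_policy "$src" "$t" "$path" || { echo "failed: $t" >&2; return 1; }
    done
}

if [ "$#" -ge 3 ]; then main "$@"; fi
```

While the rule exists, SOURCE can send any file to the current target, so check QubesIncoming/SOURCE in each target afterwards, as noted above.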