You probably don’t need sudo to edit the file, just try to open it without sudo.
/etc/qubes/policy.d/30-user.policy file belongs to root user and others only have read perm. Even if I open that file with vanilla vim in dom0, vim says it is “readonly” file. So how am I supposed to edit it without sudoedit, or why is sudoedit acting wonky now (it was working months ago)
It turns out I answered my own problem in that thread regarding sudoedit in dom0: Monero Wallet/Daemon Isolation with Qubes + Whonix - #79 by tanky0u
EDIT: No chance! What the hell! Even with
SUDOEDITOR=/usr/bin/vim sudoedit /etc/qubes/policy.d/30-user.policy
I am still getting the same nonsensical error message I posted above.
It seems that you’ve created the file with something like:
sudo nano /etc/qubes/policy.d/30-user.policy
But you didn’t have to use sudo to create the file there, you can create and edit files there without sudo.
Change the file ownership to user:
sudo chown user:user /etc/qubes/policy.d/30-user.policy
And don’t use sudo or sudoedit to edit this file.
I think yes. But is it OK for this file to belong the user? Files under /etc/ are meant to belong to the system administrators.
Yes.
It’s not strictly necessary.
1 Like
Apparently I can only mark one post as a “solution”, but 2 years later, multiple people chipped in with “policy” based solutions (which is the correct way to do it).
So the answer is that it’s all about setting policies.
- qvm-copy-to-vm still works if one set the policy for doing that
- note: understand the security implications of whatever you give via policy before you change policy files
- however qvm-copy-to-vm is deprecated so may dissapear someday
- unmans version should also work (and continue to work if qvm-copy-to-vm stops working someday)
(This belongs in the original post but I am no longer able to edit the original post)
1 Like
There is also qubes-shared-folders project: