The default and “normal” flavor templates (gnome/xfce4) all come with qubes-core-agent-passwordless-root
, which means you can use sudo inside all of them. If you are going into dom0 to get a root shell to use apt/dnf, this is an unnecessary extra step.
This is the point of my argument. Why send users to dom0 when they can send commands inside an isolated system? dom0 is the most important part of Qubes, if something goes wrong there, it’s game over. Like I said, it’s better if users, especially beginners, stay away from dom0 as much as possible.
Where do they store the root passwords? Some users don’t want to remember 10 different password and reusing them across multiple templates/qubes is far from a good idea. What’s the point of doing it this way? It’s going to be more frustrating that the current passwordless root way.
Don’t see the benefits of passwordless root? Out of my mind:
- Users don’t have to keep multiple passwords in a place where they can lose them.
- Don’t waste time writing an unnecessary password to install a program on an isolated system.
I’ll say it again, this is an isolated system running inside Xen. Bare metal systems require a password protected root because you can access both data and hardware, which is not the case with Qubes. Data can be accessed at the user level and restricting root or not won’t change that
I am still waiting for a list of the benefits of enabling root inside a qube. Nobody wants something added by default that doesn’t bring any benefits. Like my previous posts, I can’t see any other benefit than wasting people’s time.