When I installed Qubes, I set a root password. Was it a mistake and if yes how can I disable it again?
I found a lot of different opinions on this. The documentation says to leave root disabled. Some other posts say that it is “extra security” and others say that there is no benefit to being root in Qubes and that it does not matter. I have also heard that it is a security risk.
I am so confused
I found the following commands
- Remove the root password:
sudo passwd -d root
- Lock the account:
sudo passwd -l root
Should I run them in the dom0 terminal? Sorry for the stupid questions btw.
No need. Once an adversary is in dom0, it’s
Game over, anyway…
So that means that it does not matter if an adversary has root or user access to dom0?
Yes, all your data is in VMs accessible from dom0 without root.