Qubes root

Mdogg · December 1, 2022, 11:03pm

When I installed Qubes, I set a root password. Was it a mistake and if yes how can I disable it again?

I found a lot of different opinions on this. The documentation says to leave root disabled. Some other posts say that it is “extra security” and others say that there is no benefit to being root in Qubes and that it does not matter. I have also heard that it is a security risk.

I am so confused

Mdogg · December 1, 2022, 11:22pm

I found the following commands

Remove the root password:
sudo passwd -d root
Lock the account:
sudo passwd -l root

Should I run them in the dom0 terminal? Sorry for the stupid questions btw.

enmus · December 2, 2022, 4:21pm

No need. Once an adversary is in dom0, it’s Game over, anyway…

Mdogg · December 2, 2022, 6:21pm

So that means that it does not matter if an adversary has root or user access to dom0?

fsflover · December 2, 2022, 6:50pm

Yes, all your data is in VMs accessible from dom0 without root.