On Wed, Mar 08, 2017 at 05:48:57AM -0800, mdasilvape...@gmail.com wrote: > Hello, > > I would create few template of VM for forensic, personal, .... > Once I have create this template, I wouldn't the user@dom0 will can create or > remove other vm. The only vm of the user can create or remove is based on a > vm template created before. > I want the root user is the only user to create different vm. > > thanks you for your help, max >
Hello max, The default Qubes setup doesn't differentiate between user and root - for a rationale look here: www.qubes-os.org/doc/vm-sudo Also, Qubes isn't a multi-user OS. So what you are asking for requires substantial changes to the default Qubes set-up. You will find instructions on that page on disabling password-less sudo. This would be a first step. Then you would need to change permissions on the qubes/templates and make sure that your new user had at least read access to the templates and no access to the Qubes dom0 tools. None of the attendant problems are insurmountable, and there are some users who have claimed to be able to get a multi-user system working. But it isn't imo a genuine multi-user system and has a pretty thin veneer of added security. Try it by all means - you'll hit permissions problems for sure, and you should be able to work around them. If all you want to do is create a simple Qubes where users aren't likely to break things, it's much easier to do this. First stop manager from starting. Create a custom menu with only a few qubes and few shortcuts. Remove all the template menus and system menus. Change the "desktop menu" to restrict options available to those same qubes and shortcuts. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170308145624.GA2649%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
