## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC ## See the file COPYING for copying conditions. ## check_tor_bootstrap.bsh user ALL=(sdwdate) NOPASSWD: /usr/libexec/helper-scripts/onion-time-pre-script ## Required for systemcheck running "tor --verify-config". user ALL=(debian-tor) NOPASSWD: /usr/bin/tor --verify-config user ALL=(debian-tor) NOPASSWD: /usr/sbin/tor --verify-config ## tor_bootstrap_check.bsh ## Run by /usr/libexec/helper-scripts/tor_bootstrap_check.bsh ## check_bootstrap_helper_script user ALL=(debian-tor) NOPASSWD: /usr/libexec/helper-scripts/tor_bootstrap_check.py user ALL=(debian-tor) NOPASSWD: /usr/libexec/helper-scripts/tor_consensus_valid-after.py user ALL=(debian-tor) NOPASSWD: /usr/libexec/helper-scripts/tor_consensus_valid-until.py user ALL=(debian-tor) NOPASSWD: /usr/bin/tor-circuit-established-check user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block status onion-grater user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block status qubes-updates-proxy.service user ALL=NOPASSWD: /usr/libexec/helper-scripts/apt-get-update-simulate user ALL=NOPASSWD: /usr/libexec/helper-scripts/apt-get-update-kill-helper user ALL=NOPASSWD: /usr/sbin/anondate ## check_package_manager_running_helper user ALL=NOPASSWD: /usr/bin/fuser /var/lib/dpkg/lock /var/cache/apt/archives/lock ## required for check_network_interfaces user ALL=NOPASSWD: /usr/sbin/ifconfig eth0 user ALL=NOPASSWD: /usr/sbin/ifconfig eth1 ## required for check_kernel_messages user ALL=NOPASSWD: /usr/bin/dmesg "" ## required for check_spectre_meltdown user ALL=NOPASSWD: /usr/bin/spectre-meltdown-checker --paranoid ## required for check_services user ALL=NOPASSWD: /usr/sbin/apparmor-info --boot user ALL=NOPASSWD: /usr/bin/journalctl --boot --no-pager user ALL=NOPASSWD: /usr/bin/journalctl --boot --no-pager --priority=0..4 user ALL=NOPASSWD: /usr/bin/journalctl --boot --no-pager -u whonix-firewall user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block status whonix-firewall user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block --no-legend --failed user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block --failed list-units ## required for check_tor_running user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block status tor user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block status tor@default user ALL=NOPASSWD: /usr/libexec/systemcheck/check_tor_running ## required for check_warrant_canary user ALL=NOPASSWD: /usr/bin/systemctl --no-pager --no-block status canary ## required for check_network_interfaces if /sys is restricted to root user ALL=NOPASSWD: /usr/bin/cat /sys/class/net/eth0/carrier user ALL=NOPASSWD: /usr/bin/cat /sys/class/net/eth1/carrier ## required for check_pvclock if /sys is restricted to root user ALL=NOPASSWD: /usr/bin/cat /sys/devices/system/clocksource/clocksource0/current_clocksource user ALL=NOPASSWD: /usr/bin/cat /sys/devices/system/clocksource/clocksource0/available_clocksource ## required for check_virtualizer if /sys is restricted to root user ALL=NOPASSWD: /usr/bin/systemd-detect-virt ## required for check_sudo user ALL=NOPASSWD: /usr/bin/test -x /usr/bin/test ## TODO: Consider removing hardcoded account 'user' from here? sysmaint ALL=NOPASSWD: /usr/bin/test -x /usr/bin/test