Kicksecure Breaks permissions in Debian 12

After installing kicksecure, I am no longer able to save files via programm installed, and run, under a user account.

I only have one primary account, and I cannot get programs executed under said account to execute with same privileges.

so bug in kicksecure, and how to fix please?

Reporting Guidelines

debian 12 + kicksecure CLI

anything launched under a user account

launch a program that needs write permissions to /mnt/UU-ID-some-physical-local-drive

permission denied even LIST files

expected behavior: programs launched under [user account] inherit privileges

programs launched under [user account] should inherit privileges by default.

You’re not providing instructions on what exactly you did. Hence, I cannot reproduce the issue. Therefore the low chance for a fix got even lower.

I don’t think Kicksecure modifies anything for any arbitrary program.

If you cannot access it from command line then a program will likely also not be able to access the folder.

So there’s no inheritance issue.

How was that created?

Are you sure that works different in Debian vs Kicksecure?

There was an issue with auto mounting in the past:
Disk & USB Automount in Kicksecure - Support - Whonix Forum

so, TYPICALLY when I have installed programs, usually through apt, .deb packages, or through something like dkpg or software manager in ‘mint’, the program installs, and when launched under my [username] credentials ‘inherits’ those rights by default.

Admittedly, this is not always the case; however often there will be a sudo challenge ‘enter your password’

in this instance the program in question needs to know where to ‘save’ a file in the ‘save file dialog’ accessing other drives already mounted under ‘current user’ are ‘permission denied’

Expected behavior is that programs launched under ‘current user’ inherrit same permissions.

Answering your direct questions.

quote: I don’t think Kicksecure modifies anything for any arbitrary program.

makes sense, but seems to be some ‘blanket’ policy

I can access the drives directly from CLI, and caja without SU; however in NEARLY ALL DEBIAN VARIANTS (sorry caps)(debian,ubuntu,mint) I find it necessary to enter ‘disks’ or ‘gnome-disks’ goto 'mount options, and ‘uncheck’ auto, and whatever is the default seems to work fine.

all disks mount at start and dont give any issues related to permission,more or less maybe root, but not other drives. generally other, non system drives just work.

I have unchecked the ‘automount’, and as stated these work fine in other areas such as caja, CLI, but programs have issues accessing them.

I generally have not found it necessary to create ‘groups’ and usernames for programs to have access. what this bings to mind now though is one time several years ago I followed some instructions on installing bittorrent on linux mint, and I was required to create a username and group, and it was started and run as a service. without that, it too had a similar ‘permission’ issue.

Honestly, after the hundres of hours I have spen trying to remedy the issue, I just dont have it in me to reinstall debian 12 configure it, test it, install kicksecure, test it again.

I may sometime, but im spent. I need it to work right now, and if I cant, I will have to get something that will work.

for what its worth, thank you for you help.

Sorry, I think ebpf answered my problem. not a bug.