{{Header}}
{{Title|
title=sysmaint - System Maintenance User
}}
{{#seo:
|description=sysmaint
}}
{{passwords_mininav}}
{{intro|
There are two accounts.
* user - For daily activities.
* sysmaint - For system maintenance and administrative activities such as installing software and upgrading.
This is a security feature. ([[Root#Rationale_for_Separate_sysmaint_Account|rationale]])
}}
= Introduction =
sysmaint - system maintenance
= Status =
{{Testers-Only}}
{{stub}}
= Default Installation Status =
* '''Old versions:''' Kicksecure build versions up to 17.2.8.5 will not be upgraded to install user-sysmaint-split by default. Users can, however, opt in to install it, see [[#Installation]]. The package will likely get installed by default when a major [[Release Upgrade]] to version 18 is performed.
* '''New versions:'''
** '''host:''' Meta package kicksecure-host-xfce will come with user-sysmaint-split by default.
** '''CLI:''' Meta package kicksecure-host-cli will not come with user-sysmaint-split by default.
** '''servers:''' user-sysmaint-split will not be installed by default on servers.
** '''[[Distribution Morphing]]:''' Depending on chosen meta package.
= Installation =
{{Install Package
|package=user-sysmaint-split sysmaint-panel
}}
= Usage =
[[File:System-maintenance-panel.png|thumb|The sysmaint desktop session.]]
[[File:Sysmaint-tty.png|thumb|The sysmaint console session.]]
After installing user-sysmaint-split, you will no longer be able to use sudo or pkexec when logged into any account other than sysmaint. Features of {{project_name_short}} that require privilege escalation will also no longer work. This change takes effect immediately.

To perform system maintenance tasks such as checking for software updates, installing updates, etc., you will have to reboot into the sysmaint account. To do this, restart the system normally, then select PERSISTENT mode SYSMAINT (For system maintenance.) from the boot menu. The system will boot into a minimal desktop session with the System Maintenance Panel app running. To reduce attack surface, most superfluous background services are suppressed while booted into the sysmaint account.

The sysmaint desktop session is intentionally minimal and not suited for normal desktop use. This is to discourage using it for work that has a higher risk of causing a difficult-to-avoid system compromise (such as web browsing). Quick shortcuts are provided for simple software management and system administration tasks, while more advanced tasks can be performed from a terminal. The sudo and pkexec commands will be usable here.

Once you are done with system maintenance tasks, click "Reboot" to reboot the system. Then boot into PERSISTENT mode USER (For daily activities.) or LIVE mode USER (For daily activities.). This will provide you with a standard desktop session.

You can also log into the sysmaint account from a [[Desktop#Virtual_Consoles|virtual console]] (tty). Simply input the account name sysmaint at the login prompt. This session behaves identically to a typical virtual console session. A short informational message will be printed after login reminding you that the sysmaint account must be used with caution.
= Notes =
* Several restrictions are imposed to reduce the risk of the sysmaint account becoming compromised:
** The sysmaint account is locked and cannot be logged into when booted into modes other than PERSISTENT mode SYSMAINT.
** Logging into the sysmaint account using anything other than the special sysmaint session is prohibited.
** When booted in PERSISTENT mode SYSMAINT, you will be discouraged (but not entirely prevented) from logging into accounts other than sysmaint. We don't lock other accounts on the system, since doing so would make it very tricky or even impossible for the user to permanently lock accounts themselves.
= Questions and Answers =
* Why is there a separate sysmaint account?
** See [[Root#Rationale_for_Separate_sysmaint_Account|Rationale for Separate sysmaint Account]].
* Why is it required to boot into sysmaint mode? Why not simply use start menu -> switch user?
** This is to mitigate [[login spoofing]] attacks and to prevent [[Dev/Strong_Linux_User_Account_Isolation#sudo_password_sniffing|sudo password sniffing]].
* How to go back to classic sudo mode, where user user can use sudo?
** See [[#Uninstallation]].
= Uninstallation =
This chapter documents how to disable user-sysmaint-split and go back to classic sudo mode, where user user can use sudo.

'''Optional.''' Discouraged.

If user-sysmaint-split comes installed by default, the easiest way to remove it is by using [[Debian_Packages#dummy-dependency|dummy-dependency]] to avoid meta package removal issues ([[Debian Packages]]).
{{CodeSelect|code=
dummy-dependency --purge user-sysmaint-split
}}
'''Optional.''' Removal of sysmaint-panel is optional because it is a {{gui}} that can also be used with classic sudo setup.
{{CodeSelect|code=
dummy-dependency --purge sysmaint-panel
}}
= Developers =
* [[Dev/Strong_Linux_User_Account_Isolation|User Account Isolation (developers)]]
* [[Dev/user-sysmaint-split|user-sysmaint-split (developers)]]
* https://github.com/Kicksecure/user-sysmaint-split
* https://github.com/Kicksecure/sysmaint-panel
The best-case, potentially realistic scenario for fast user switching from `user` to `sysmaint` would, in theory, be:
1. Log out as user `user` with "save session", that is, save the session to disk and allow it to be resumed. No processes must continue to run.
2. SysRq + SAK
3. Log into sysmaint
4. Log out of sysmaint
5. SysRq + SAK (optional, just to establish the habit)
6. Resume the user `user` session
= Footnotes =
{{reflist|close=1}}
[[Category:Documentation]]
{{Footer}}