{{Header}}
{{Title|
title=sysmaint - System Maintenance User
}}
{{#seo:
|description={{project_name_short}} specific sysmaint account documentation. Default Installation Status Differences - Whonix-Workstation versus Whonix-Gateway - GUI (Xfce) versus CLI - Older versions versus new images.
}}
{{intro|
{{project_name_short}} specific sysmaint account documentation. Default Installation Status Differences:

* Whonix-Workstation versus Whonix-Gateway; 
* GUI (Xfce) versus CLI;
* Older versions versus new images.

Starting from {{project_name_workstation_short}} version <code>17.3.0.5</code> Xfce and above, {{project_name_short}} comes with [[sysmaint|<code>user-sysmaint-split</code>]] by default.

There are two accounts:

* <code>user</code> - For daily activities.
* <code>sysmaint</code> - For system maintenance administrative activities, such as installing software or upgrading.

This is a security feature. ({{kicksecure_wiki
|wikipage=Root#Rationale_for_Separate_sysmaint_Account
|text=rationale
}})

The opposite of <code>user-sysmaint-split</code> is {{kicksecure_wiki
|wikipage=unrestricted_admin_mode
|text=Unrestricted Admin Mode
}}, which users can opt in to enable.
}}

= Version Overview =
{| class="wikitable"
! Feature
! [[Whonix-Workstation]] Xfce (GUI)
! [[Whonix-Gateway]] Xfce (GUI)
! Whonix-Workstation CLI
! Whonix-Gateway CLI
|-

! <code>user-sysmaint-split</code>
| {{Yes}}, installed by default in new images.  
| {{No}}, not installed by default.
| {{No}}, not installed by default.
| {{No}}, not installed by default.
|-

! Old Versions
| {{No}}, will not be automatically installed during the Whonix 17 release cycle to avoid breaking existing user workflows.
| {{No}}, will remain <code>sudo</code> passwordless by default for better usability.
| {{No}}, not applicable, will remain <code>sudo</code> passwordless by default.
| {{No}}, not applicable, will remain <code>sudo</code> passwordless by default.
|-

! New Images
| {{Yes}}, will come with <code>user-sysmaint-split</code> installed by default.
| {{No}}, will remain <code>sudo</code> passwordless by default and <code>user-sysmaint-split</code> will not be included.
| {{No}}, <code>user-sysmaint-split</code> will not be included.
| {{No}}, <code>user-sysmaint-split</code> will not be included.
|-

! 17 to 18 [[Release Upgrade]]
| {{Yes}}, <code>user-sysmaint-split</code> will be installed by default.
| {{No}} change. Will remain <code>sudo</code> passwordless by default.
| {{No}}, <code>user-sysmaint-split</code> will not be included.
| {{No}}, <code>user-sysmaint-split</code> will not be included.
|-

! Opt-Out
| {{Yes}}, supported via custom configurations.
| {{Yes}}
| {{Yes}}
| {{Yes}}
|-

! Opt-In
| {{Yes}}, <code>user-sysmaint-split</code> can be installed at any time.
| {{Yes}}
| {{Yes}}
| {{Yes}}
|-

|}

= user-sysmaint-split - Whonix-Workstation versus Whonix-Gateway - Default Installation Status Differences =
This is because, according to the threat model and usage instructions, the user should not use [[Whonix-Gateway]] for anything other than running and configuring Tor. End-user applications, such as a browser, should be run inside [[Whonix-Workstation]]. Therefore, according to our current understanding, <code>user-sysmaint-split</code> would have no security benefit for Whonix-Gateway. As a result, Whonix-Gateway will remain <code>sudo</code> passwordless by default for better usability. Whonix-Workstation will come with <code>user-sysmaint-split</code> installed by default. <ref>
No user applications are running there, besides:

* [[Tor Controller]] (optional, manual start only)
* [[Anon Connection Wizard]] (optional, manual start only)
* [[Tor-control-panel]] (optional, manual start only)
* [[sdwdate-gui]] (runs by default, can be disabled.)

See also: [https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561/54 Whonix Forums Discussion on the usefulness of user-sysmaint-split inside Whonix-Gateway]
</ref>

= user-sysmaint-split - GUI vs CLI - Default Installation Status Differences =

<code>user-sysmaint-split</code> is different for the {{gui}} versus the {{cli}} version.

In the future, the CLI version will be improved to be more suitable for servers.

Server support for <code>user-sysmaint-split</code>, however, isn't as sophisticated yet as it is for the GUI version. For some server use cases, <code>user-sysmaint-split</code> may be less needed or unneeded. This topic is elaborated in the development chapter {{kicksecure_wiki
|wikipage=Dev/user-sysmaint-split#Server_Support
|text=<code>user-sysmaint-split</code> Server Support
}}.

= Upstream =
{{upstream_wiki|
Sysmaint
}}

= Footnotes =
{{reflist|close=1}}
[[Category:Documentation]]
{{Footer}}