sysmaint - System Maintenance User
Whonix-specific sysmaint account documentation. Default Installation Status Differences:
- Whonix-Workstation versus Whonix-Gateway;
- GUI (Xfce) versus CLI;
- Older versions versus new images.
Starting from Whonix-Workstation version 17.3.0.5 Xfce and above, Whonix comes with user-sysmaint-split by default.
There are two accounts:
- user - For daily activities.
- sysmaint - For system maintenance administrative activities, such as installing software or upgrading.
This is a security feature. (rationale)
The opposite of user-sysmaint-split is Unrestricted Admin Mode, which users can opt in to enable.
Version Overview
Feature | Whonix-Workstation Xfce (GUI) | Whonix-Gateway Xfce (GUI) | Whonix-Workstation CLI | Whonix-Gateway CLI |
---|---|---|---|---|
user-sysmaint-split | Yes, installed by default in new images. | No, not installed by default. | No, not installed by default. | No, not installed by default. |
Old Versions | No, will not be automatically installed during the Whonix 17 release cycle to avoid breaking existing user workflows. | No, will remain sudo passwordless by default for better usability. | No, not applicable, will remain sudo passwordless by default. | No, not applicable, will remain sudo passwordless by default. |
New Images | Yes, will come with user-sysmaint-split installed by default. | No, will remain sudo passwordless by default and user-sysmaint-split will not be included. | No, user-sysmaint-split will not be included. | No, user-sysmaint-split will not be included. |
17 to 18 Release Upgrade | Yes, user-sysmaint-split will be installed by default. | No change. Will remain sudo passwordless by default. | No, user-sysmaint-split will not be included. | No, user-sysmaint-split will not be included. |
Opt-Out | Yes, supported via custom configurations. | Yes | Yes | Yes |
Opt-In | Yes, user-sysmaint-split can be installed at any time. | Yes | Yes | Yes |
user-sysmaint-split - Whonix-Workstation versus Whonix-Gateway - Default Installation Status Differences
This is because, according to the threat model and usage instructions, the user should not use Whonix-Gateway for anything other than running and configuring Tor. End-user applications, such as a browser, should be run inside Whonix-Workstation. Therefore, according to our current understanding, user-sysmaint-split would have no security benefit for Whonix-Gateway. As a result, Whonix-Gateway will remain sudo passwordless by default for better usability. Whonix-Workstation will come with user-sysmaint-split installed by default. [1]
user-sysmaint-split - GUI vs CLI - Default Installation Status Differences
user-sysmaint-split is different for the graphical user interface (GUI) versus the command line interface (CLI) version.
In the future, the CLI version will be improved to be more suitable for servers.
Server support for user-sysmaint-split, however, isn't as sophisticated yet as it is for the GUI version. For some server use cases, user-sysmaint-split may be less needed or unneeded. This topic is elaborated in the development chapter user-sysmaint-split Server Support.
Upstream

Footnotes
- [1] No user applications are running there, besides:
  - Tor Controller (optional, manual start only)
  - Anon Connection Wizard (optional, manual start only)
  - Tor-control-panel (optional, manual start only)
  - sdwdate-gui (runs by default, can be disabled.)
