Whonix shared folder permission denied when trying to access it

So it appears some changes have been made in the latest version of whonix.

So in the new Whonix, when you create a shared folder by following these steps So how exactly do you create a shared folder on Whonix? when you try to access your shared folder in workstation you’ll get a “permission denied” message and I’ve figured out how to fix it. I read the documentation. I stared at it real hard and slowly but surely it started to make sense to my average IQ brain.

Ok, so at this point you have created a shared folder and you’re getting permission denied right? Ok look at my screenshot and take note of the name, and directory path of my shared folder, the directory path of my shared folder (in Whonix workstation) is “/media/sf_WhonixSharedFolder” When you were creating your shared folder in Whonix workstation, if you didn’t manually set a mount point (which is what you’re supposed to do. Yes do not manually set the mount point, leave it blank) it’ll automatically mount it in “/media/”

WhonixSharedFolder1854×972 58.2 KB

Oh real quick, you could just change your shared folder’s name to “shared” and that’ll make things easier for ya. But you can name it whatever you want. I’ll walk ya through this.

Ok so follow this link VirtualBox Guest Additions and Shared Folders click the button that says “Whonix” it should already be clicked though. Ok Shared Folder Permission Fix.

Fire up gateway and now fire up workstation, look at the screenshot, select “PERSISTENT Mode SYSMAINT Session”

Persistent mode sysmaint session1024×768 105 KB

Ok so now you should see the System Maintenance Panel before your eyes, now click “Open Terminal” and get into terminal. Enter this command

 cd /media/sf_shared 

Well in my case I had to enter

 cd /media/sf_WhonixSharedFolder

And it’s lower and upper case sensitive too. As you can see the name of my shared folder is “WhonixSharedFolder” it’s case sensitive, remember that.

It should tell you permission denied. So in that tutorial I linked above, move on to Step 3.

Enter command

 sudo adduser user vboxsf 

And remember, the name of your username in Whonix workstation is literally just “user”. Also, you should not use user-sysmaint-split just ignore that part.

Now enter

 sudo chmod --recursive 770 /media/sf_shared 

Again in my case it was “sudo chmod --recursive 770 /media/sf_WhonixSharedFolder”

Then enter

 sudo chown --recursive root:vboxsf /media/sf_shared 

Again in my case it was “sudo chown --recursive root:vboxsf /media/sf_WhonixSharedFolder”

Now enter

 reboot 

Done! Linux file permissions should be fixed.

P.S. Patrick this part really threw me off there for a moment and I was about to pull my hair out and scream cause I couldn’t figure it out, I mean it really got me aggravated for a moment cause I was like “Now what the hell is this!!!”

So I do have a request. Can you please design it so we can easily and effortlessly fix this shared folder permission issue using the System Maintenance Panel? It needs to be user friendly and the GUI is much easier to use for most computer users. I used Windows for over 20 years and touched the command line just one time. I am personally much more comfortable with graphical user interfaces GUIs. It’s just a lot easier to get things done in a GUI compared to the CLI, and well, I am just your average layman. I am an average person with an average IQ and the GUI is so much easier to use I find. Remember, it needs to be user friendly so Whonix can become more broadly used. Whonix is competing with Tails. On Reddit r/Whonix has 10K members, r/tails has 116K members. People need to come over to Whonix. Isn’t Whonix more secure than tails?

Patrick I’m just giving you advice, wanna grow the user base of Whonix? It has to be as user friendly as possible, which means, there has to be an easy to use GUI, you should be able to use a GUI for all of this stuff. I should be able to use a GUI to manage shared folder permissions, make it easy, make it effortless. There has to be a GUI. I like to avoid the CLI as much as possible myself. On Windows you never have to use the CLI. And I come from Windows.

I mean, I can see you can fix the issue using the CLI but I’d love to just use the GUI to fix it real quick, can you make that happen please? For example maybe you could put a button on the System Maintenance Panel that says “Manage Shared Folder Permissions” and you just simply click this button and then from there easily give the shared folder the permissions it needs in order to work properly. I bet you could throw that together in a jiffy.

Thanks.

This is the limited contribution for better usability that I could make.

No, unfortunately, I cannot. Source code and documentation is already as simple as I could make it.

It’s not as if “usability is great” hasn’t come to my mind.

There’s no need to argue pro usability.

If you want to know why things are as they are, read this:

No, I cannot.

You can’t make it so we can manage shared folder permissions via GUI?

Ask Patrick more politely. And donate. Maybe he will add more GUI in the future. I agree that such basic functions as a shared folder should be easier for new users. But Patrick creates excellent documentation where the commands are described in great detail and even a CLI novice user will quickly understand how to do it (especially now that everyone is using GPT, Grok, Llama…)

No. → Community Feedback

A post was split to a new topic: Sysmaint - Where to run upgrades? Only on Whonix-Workstation or also on Whonix-Gateway?

I’m sorry I’m trying to understand this, so in this guide VirtualBox Guest Additions and Shared Folders it says “Optional: If using user-sysmaint-split, the user might want to add account sysmaint as well.”

Now “PERSISTENT Mode USER Session daily activities” is this user-sysmaint-split?

I’m just trying to understand why it says “Optional: If using user-sysmaint-split, the user might want to add account sysmaint as well.” in the guide. First off, I don’t even know exactly what user-sysmaint-split is?

Right on top there is the Sysmaint Notice which introduces the term user-sysmaint-split.

If terminology is unknown - and it is reasonable that this terminology is unknown… I am already expecting that not every user will know what user-sysmaint-split is.

That’s why user-sysmaint-split in Sysmaint Notice is a clickable link. Users who don’t know what that is are expected to click the link and read the linked wiki page.

Ok reading here sysmaint - System Maintenance User it says

"Starting from version 17.3.9.9, Kicksecure comes with a security feature called user-sysmaint-split enabled by default (in Xfce and above). This feature creates two separate user accounts:

• user - for daily activities like browsing, writing documents, etc.
• sysmaint - short for system maintenance; used for tasks that require administrative rights such as installing or updating software.

This separation improves security. For example, if malware compromises your web browser in the user session, it won’t have permission to make critical system changes or install rootkits (malicious software that can hide in the system).

You only use the sysmaint account when you want to change system behavior - such as adding new programs, applying updates, or performing administrative tasks."

I guess if you ever need a reason to access the shared folder from the sysmaint account via Terminal, in that case you’d need to give the sysmaint account permission to access the shared folder. Ok I think I get it.