firejail-users(5)

1FIREJAIL-USERS(5)           firejail.users man page          FIREJAIL-USERS(5)
2
3
4

NAME

6       firejail.users - Firejail user access database
7
8

DESCRIPTION

10       /etc/firejail/firejail.users  lists  the  users allowed to run firejail
11       SUID executable.  root user is allowed by default, user nobody is never
12       allowed.
13
14       If  the user is not allowed to start the sandbox, Firejail will attempt
15       to run the program without sandboxing it.
16
17       If the file is not present in the system, all users are allowed to  use
18       the sandbox.
19
20       Example:
21
22            $ cat /etc/firejail/firejail.users
23            dustin
24            lucas
25            mike
26            eleven
27
28       Use  a  text  editor to add or remove users from the list. You can also
29       use firecfg --add-users command. Example:
30
31            $ sudo firecfg --add-users dustin lucas mike eleven
32
33       By default, running firecfg creates the file and adds the current  user
34       to the list. Example:
35
36            $ sudo firecfg
37
38       See man 1 firecfg for details.
39
40

ALTERNATIVE SOLUTION

42       An alternative way of restricting user access to firejail executable is
43       to create a special firejail user group and allow only  users  in  this
44       group to run the sandbox:
45
46            # addgroup --system firejail
47            # chown root:firejail /usr/bin/firejail
48            # chmod 4750 /usr/bin/firejail
49
50
51

FILES

53       /etc/firejail/firejail.users
54
55

LICENSE

57       Firejail  is  free  software;  you can redistribute it and/or modify it
58       under the terms of the GNU General Public License as published  by  the
59       Free  Software Foundation; either version 2 of the License, or (at your
60       option) any later version.
61
62       Homepage: https://firejail.wordpress.com
63

NAME

DESCRIPTION

ALTERNATIVE SOLUTION

FILES

LICENSE

SEE ALSO