1FIREJAIL-USERS(5) firejail.users man page FIREJAIL-USERS(5)
2
3
4
6 firejail.users - Firejail user access database
7
8
10 /etc/firejail/firejail.users lists the users allowed to run firejail
11 SUID executable. root user is allowed by default, user nobody is never
12 allowed.
13
14 If the user is not allowed to start the sandbox, Firejail will attempt
15 to run the program without sandboxing it.
16
17 If the file is not present in the system, all users are allowed to use
18 the sandbox.
19
20 Example:
21
22 $ cat /etc/firejail/firejail.users
23 dustin
24 lucas
25 mike
26 eleven
27
28 Use a text editor to add or remove users from the list. You can also
29 use firecfg --add-users command. Example:
30
31 $ sudo firecfg --add-users dustin lucas mike eleven
32
33 By default, running firecfg creates the file and adds the current user
34 to the list. Example:
35
36 $ sudo firecfg
37
38 See man 1 firecfg for details.
39
40
42 An alternative way of restricting user access to firejail executable is
43 to create a special firejail user group and allow only users in this
44 group to run the sandbox:
45
46 # addgroup --system firejail
47 # chown root:firejail /usr/bin/firejail
48 # chmod 4750 /usr/bin/firejail
49
50
51
53 /etc/firejail/firejail.users
54
55
57 Firejail is free software; you can redistribute it and/or modify it un‐
58 der the terms of the GNU General Public License as published by the
59 Free Software Foundation; either version 2 of the License, or (at your
60 option) any later version.
61
62 Homepage: https://firejail.wordpress.com
63
65 firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-lo‐
66 gin(5), jailcheck(1)
67
68
69
700.9.66 Jan 2022 FIREJAIL-USERS(5)