firejail-users

FIREJAIL-USERS(5)            firejail.users man page           FIREJAIL-USERS(5)



NAME
       firejail.users - Firejail user access database


DESCRIPTION
       /etc/firejail/firejail.users lists the users allowed to run firejail SUID
       executable.  root user is allowed by default, user nobody is never
       allowed.

       If the user is not allowed to start the sandbox, Firejail will attempt to
       run the program without sandboxing it.

       If the file is not present in the system, all users are allowed to use
       the sandbox.

       Example:

            $ cat /etc/firejail/firejail.users
            dustin
            lucas
            mike
            eleven

       Use a text editor to add or remove users from the list. You can also use
       firecfg --add-users command. Example:

            $ sudo firecfg --add-users dustin lucas mike eleven

       By default, running firecfg creates the file and adds the current user to
       the list. Example:

            $ sudo firecfg

       See man 1 firecfg for details.


ALTERNATIVE SOLUTION
       An alternative way of restricting user access to firejail executable is
       to create a special firejail user group and allow only users in this
       group to run the sandbox:

            # addgroup --system firejail
            # chown root:firejail /usr/bin/firejail
            # chmod 4750 /usr/bin/firejail



FILES
       /etc/firejail/firejail.users


LICENSE
       Firejail is free software; you can redistribute it and/or modify it under
       the terms of the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your option)
       any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO
       firejail(1), firemon(1), firecfg(1), firejail-profile(5) firejail-
       login(5)



0.9.64                              Oct 2020                   FIREJAIL-USERS(5)