firejail-users(5) — Linux manual page

NAME | DESCRIPTION | ALTERNATIVE SOLUTION | FILES | LICENSE | SEE ALSO | COLOPHON

FIREJAIL-USERS(5)        firejail.users man page       FIREJAIL-USERS(5)

NAME         top

       firejail.users - Firejail user access database

DESCRIPTION         top

       /etc/firejail/firejail.users lists the users allowed to run
       firejail SUID executable.  root user is allowed by default, user
       nobody is never allowed.

       If the user is not allowed to start the sandbox, Firejail will
       attempt to run the program without sandboxing it.

       If the file is not present in the system, all users are allowed
       to use the sandbox.

       Example:

            $ cat /etc/firejail/firejail.users
            dustin
            lucas
            mike
            eleven

       Use a text editor to add or remove users from the list. You can
       also use firecfg --add-users command. Example:

            $ sudo firecfg --add-users dustin lucas mike eleven

       By default, running firecfg creates the file and adds the current
       user to the list. Example:

            $ sudo firecfg

       See man 1 firecfg for details.

ALTERNATIVE SOLUTION         top

       An alternative way of restricting user access to firejail
       executable is to create a special firejail user group and allow
       only users in this group to run the sandbox:

            # addgroup --system firejail
            # chown root:firejail /usr/bin/firejail
            # chmod 4750 /usr/bin/firejail

FILES         top

       /etc/firejail/firejail.users

LICENSE         top

       Firejail is free software; you can redistribute it and/or modify
       it under the terms of the GNU General Public License as published
       by the Free Software Foundation; either version 2 of the License,
       or (at your option) any later version.

       Homepage: https://firejail.wordpress.com

SEE ALSO         top

       firejail(1), firemon(1), firecfg(1), firejail-profile(5),
       firejail-login(5), jailcheck(1)

COLOPHON         top

       This page is part of the Firejail (Firejail security sandbox)
       project.  Information about the project can be found at 
       ⟨https://firejail.wordpress.com⟩.  If you have a bug report for
       this manual page, see ⟨https://firejail.wordpress.com/support/⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/netblue30/firejail.git⟩ on 2023-12-22.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-12-21.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

0.9.73                          Jun 2023               FIREJAIL-USERS(5)

Pages that refer to this page: firecfg(1)firejail(1)firemon(1)jailcheck(1)firejail-login(5)firejail-profile(5)