oracular (5) firejail-users.5.gz

Provided by: firejail_0.9.72-2ubuntu3_amd64 bug

NAME
       firejail.users - Firejail user access database


DESCRIPTION
       /etc/firejail/firejail.users  lists  the  users  allowed  to  run firejail SUID executable.  root user is
       allowed by default, user nobody is never allowed.

       If the user is not allowed to start the sandbox,  Firejail  will  attempt  to  run  the  program  without
       sandboxing it.

       If the file is not present in the system, all users are allowed to use the sandbox.

       Example:

            $ cat /etc/firejail/firejail.users
            dustin
            lucas
            mike
            eleven

       Use  a  text  editor  to add or remove users from the list. You can also use firecfg --add-users command.
       Example:

            $ sudo firecfg --add-users dustin lucas mike eleven

       By default, running firecfg creates the file and adds the current user to the list. Example:

            $ sudo firecfg

       See man 1 firecfg for details.


ALTERNATIVE SOLUTION
       An alternative way of restricting user access to firejail executable is to create a special firejail user
       group and allow only users in this group to run the sandbox:

            # addgroup --system firejail
            # chown root:firejail /usr/bin/firejail
            # chmod 4750 /usr/bin/firejail


FILES
       /etc/firejail/firejail.users


LICENSE
       Firejail  is  free  software; you can redistribute it and/or modify it under the terms of the GNU General
       Public License as published by the Free Software Foundation; either version 2 of the License, or (at your
       option) any later version.

       Homepage: https://firejail.wordpress.com


SEE ALSO
       firejail(1), firemon(1), firecfg(1), firejail-profile(5), firejail-login(5), jailcheck(1)