github-starred/firejail
2
0
Fork 0
mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00
Code Issues 531 Projects Packages Wiki Activity Actions 6

[GH-ISSUE #2225] unable to authorize user to use firejail #1495

New issue
Closed
opened 2026-05-05 08:09:47 -06:00 by gitea-mirror · 16 comments
gitea-mirror commented 2026-05-05 08:09:47 -06:00
Owner
Copy link

Originally created by @millerthegorilla on GitHub (Oct 29, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/2225

my user exists in /etc/firejail/firejail.users but I get the following message:

Error: the user is not allowed to use Firejail. Please add the user in /etc/firejail/firejail.users file, either by running "sudo firecfg", or by editing the file directly.
See "man firejail-users" for more details.

I am running fedora 28 with gnome 3. my userid is normal at 1000, and the uid_min is 1000.
uname - 4.18.16-200.fc28.x86_64
Thanks

Originally created by @millerthegorilla on GitHub (Oct 29, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/2225 my user exists in /etc/firejail/firejail.users but I get the following message: > Error: the user is not allowed to use Firejail. Please add the user in /etc/firejail/firejail.users file, either by running "sudo firecfg", or by editing the file directly. > See "man firejail-users" for more details. I am running fedora 28 with gnome 3. my userid is normal at 1000, and the uid_min is 1000. uname - 4.18.16-200.fc28.x86_64 Thanks
gitea-mirror 2026-05-05 08:09:47 -06:00
  • closed this issue
  • added the
    bug
         label
gitea-mirror commented 2026-05-05 08:09:51 -06:00
Author
Owner
Copy link

@SkewedZeppelin commented on GitHub (Oct 29, 2018):

What version of firejail are you using and where did you install it from (git, sourceforge, copr)?

<!-- gh-comment-id:433935249 --> @SkewedZeppelin commented on GitHub (Oct 29, 2018): What version of firejail are you using and where did you install it from (git, sourceforge, copr)?
gitea-mirror commented 2026-05-05 08:09:52 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Oct 30, 2018):

I'm using 0.9.56 from https://sourceforge.net/projects/firejail/files/firejail/firejail-0.9.56-1.x86_64.rpm/download
I used an admin user with no home directory to install (for sudo), then removed, and added my normal user to the wheel group and then reinstalled. Same issue both times.

<!-- gh-comment-id:434388888 --> @millerthegorilla commented on GitHub (Oct 30, 2018): I'm using 0.9.56 from https://sourceforge.net/projects/firejail/files/firejail/firejail-0.9.56-1.x86_64.rpm/download I used an admin user with no home directory to install (for sudo), then removed, and added my normal user to the wheel group and then reinstalled. Same issue both times.
gitea-mirror commented 2026-05-05 08:09:53 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 2, 2018):

is there anyway that I can debug this? Perhaps using a debug enabled version and gdb or similar?

<!-- gh-comment-id:435301058 --> @millerthegorilla commented on GitHub (Nov 2, 2018): is there anyway that I can debug this? Perhaps using a debug enabled version and gdb or similar?
gitea-mirror commented 2026-05-05 08:09:54 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 2, 2018):

I have just compiled and installed from source and I still get the same problem.

<!-- gh-comment-id:435303127 --> @millerthegorilla commented on GitHub (Nov 2, 2018): I have just compiled and installed from source and I still get the same problem.
gitea-mirror commented 2026-05-05 08:09:56 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 2, 2018):

fyi, when uninstalling the rpm does not clean the symlinks from the /usr/local/bin directory, nor the desktop files from .local/share/applications/. Also, when installing from source, the /etc/firejail.config file is not created. Also, I now have the following error:

Error:
the user is not allowed to use Firejail. Please add the user in /usr/local/etc/firejail/firejail.users file, either by running "sudo firecfg", or by editing the file directly.
See "man firejail-users" for more details.

Note the different file location for firejail.users. When I run a command, such as less, I get the above error but the command runs none-the-less.

<!-- gh-comment-id:435305192 --> @millerthegorilla commented on GitHub (Nov 2, 2018): fyi, when uninstalling the rpm does not clean the symlinks from the /usr/local/bin directory, nor the desktop files from .local/share/applications/. Also, when installing from source, the /etc/firejail.config file is not created. Also, I now have the following error: > Error: > the user is not allowed to use Firejail. Please add the user in /usr/local/etc/firejail/firejail.users file, either by running "sudo firecfg", or by editing the file directly. > See "man firejail-users" for more details. Note the different file location for firejail.users. When I run a command, such as less, I get the above error but the command runs none-the-less.
gitea-mirror commented 2026-05-05 08:09:57 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 2, 2018):

upgraded to fedora 29, no change.

<!-- gh-comment-id:435338591 --> @millerthegorilla commented on GitHub (Nov 2, 2018): upgraded to fedora 29, no change.
gitea-mirror commented 2026-05-05 08:09:57 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Nov 2, 2018):

Do you have two different firejail installations? What does which -a firejail say? When you have firejail in /usr/local/bin, you would need to create/edit firejail.users in /usr/local/etc.

Also note that this file is not created by default any more, and firejail only cares when it exists.

<!-- gh-comment-id:435375104 --> @smitsohu commented on GitHub (Nov 2, 2018): Do you have two different firejail installations? What does `which -a firejail` say? When you have firejail in /usr/local/bin, you would need to create/edit firejail.users in /usr/local/etc. Also note that this file is not created by default any more, and firejail only cares when it exists.
gitea-mirror commented 2026-05-05 08:09:58 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 6, 2018):

Firejail is at /usr/local/bin/firejail. The usernames are listed in /etc/firejail/firejail.users and also /usr/local/etc/firejail/firejail.users. There are two users, one of whom has a home partition, and does not have superuser privileges, and a superuser who has no home partition, and who is a member of the wheel group. They are both listed in the users file.

<!-- gh-comment-id:436175225 --> @millerthegorilla commented on GitHub (Nov 6, 2018): Firejail is at /usr/local/bin/firejail. The usernames are listed in /etc/firejail/firejail.users and also /usr/local/etc/firejail/firejail.users. There are two users, one of whom has a home partition, and does not have superuser privileges, and a superuser who has no home partition, and who is a member of the wheel group. They are both listed in the users file.
gitea-mirror commented 2026-05-05 08:09:59 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 8, 2018):

Could it be a permissions issue? Is there a way of debugging or a resource anywhere that details how to go about debugging? Many thanks for your help..

<!-- gh-comment-id:436959401 --> @millerthegorilla commented on GitHub (Nov 8, 2018): Could it be a permissions issue? Is there a way of debugging or a resource anywhere that details how to go about debugging? Many thanks for your help..
gitea-mirror commented 2026-05-05 08:09:59 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Nov 8, 2018):

It shouldn't be a permission issue, but it makes sense to check! Just inspect (or paste here the output of) ls -l /etc/firejail/firejail.users and ls -l /usr/local/etc/firejail/firejail.users, these files must be world-readable.

Hard to tell what's going wrong. If you are not interested in the user database and just want firejail to work instantly, you can simply delete these files (firejail version 0.9.56 and later).

Otherwise, one thing you might want to try is renaming them (for later inspection) and manually create new files in their place. Regarding the format: a user name in the firejail.users file must match exactly the user name in /etc/passwd, including empty spaces or tabs if there are any, though I doubt this is the issue here... reading and understanding /etc/passwd is quite easy, there exists a man page for it: man 5 passwd.

<!-- gh-comment-id:437099000 --> @smitsohu commented on GitHub (Nov 8, 2018): It shouldn't be a permission issue, but it makes sense to check! Just inspect (or paste here the output of) `ls -l /etc/firejail/firejail.users` and `ls -l /usr/local/etc/firejail/firejail.users`, these files must be world-readable. Hard to tell what's going wrong. If you are not interested in the user database and just want firejail to work instantly, you can simply delete these files (firejail version 0.9.56 and later). Otherwise, one thing you might want to try is renaming them (for later inspection) and manually create new files in their place. Regarding the format: a user name in the firejail.users file must match exactly the user name in /etc/passwd, including empty spaces or tabs if there are any, though I doubt this is the issue here... reading and understanding /etc/passwd is quite easy, there exists a man page for it: `man 5 passwd`.
gitea-mirror commented 2026-05-05 08:09:59 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Nov 8, 2018):

When I run a command, such as less, I get the above error but the command runs none-the-less.

Rereading your posts, this sounds interesting... but not sure I understand it right. Can you please run less on a dummy file and paste the output here? Thanks.

<!-- gh-comment-id:437116618 --> @smitsohu commented on GitHub (Nov 8, 2018): > When I run a command, such as less, I get the above error but the command runs none-the-less. Rereading your posts, this sounds interesting... but not sure I understand it right. Can you please run less on a dummy file and paste the output here? Thanks.
gitea-mirror commented 2026-05-05 08:10:00 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 9, 2018):

less bob
Error: the user is not allowed to use Firejail. Please add the user in /usr/local/etc/firejail/firejail.users file, either by running "sudo firecfg", or by editing the file directly.
See "man firejail-users" for more details.

bob being a text file with some random chars in. It displays fine, but like all other processes, firejail does not start.

<!-- gh-comment-id:437425100 --> @millerthegorilla commented on GitHub (Nov 9, 2018): less bob Error: the user is not allowed to use Firejail. Please add the user in /usr/local/etc/firejail/firejail.users file, either by running "sudo firecfg", or by editing the file directly. See "man firejail-users" for more details. bob being a text file with some random chars in. It displays fine, but like all other processes, firejail does not start.
gitea-mirror commented 2026-05-05 08:10:00 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Nov 9, 2018):

Right, my bad, sorry. This is expected behavior, somehow I still had the old behavior in mind.

I'll see if we can add some diagnostic code in git.

<!-- gh-comment-id:437479073 --> @smitsohu commented on GitHub (Nov 9, 2018): Right, my bad, sorry. This is expected behavior, somehow I still had the old behavior in mind. I'll see if we can add some diagnostic code in git.
gitea-mirror commented 2026-05-05 08:10:01 -06:00
Author
Owner
Copy link

@millerthegorilla commented on GitHub (Nov 10, 2018):

Hi, actually, my bad. Have now checked firejail.users files and they weren't world readable. I have changed their permissions appropriately to 0644 and everything is fine again.
Thanks!

<!-- gh-comment-id:437577944 --> @millerthegorilla commented on GitHub (Nov 10, 2018): Hi, actually, my bad. Have now checked firejail.users files and they weren't world readable. I have changed their permissions appropriately to 0644 and everything is fine again. Thanks!
gitea-mirror commented 2026-05-05 08:10:01 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Nov 10, 2018):

I think this should not happen, it is actually a bug.

<!-- gh-comment-id:437581476 --> @smitsohu commented on GitHub (Nov 10, 2018): I think this should not happen, it is actually a bug.
gitea-mirror commented 2026-05-05 08:10:02 -06:00
Author
Owner
Copy link

@smitsohu commented on GitHub (Nov 11, 2018):

@millerthegorilla Thanks for the report!

<!-- gh-comment-id:437632256 --> @smitsohu commented on GitHub (Nov 11, 2018): @millerthegorilla Thanks for the report!
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
serialize_remounts_v2
landlock_v4
landlock
release-0.9.64
release-0.9.62
gitlab_ci
LTSbase
fred_ctests
docs
0.9.80
0.9.80-rc1
0.9.78
0.9.76
0.9.76-rc4
0.9.76-rc3
0.9.76-rc2
0.9.76-rc1
0.9.74
landlock-split
0.9.72
0.9.72rc1
0.9.70
0.9.68
0.9.68rc1
0.9.66
0.9.66rc1
0.9.64.4
0.9.64.2
0.9.64
0.9.64rc1
0.9.62.4
0.9.62.2
0.9.62
0.9.56.2-LTS
0.9.60
0.9.60-rc1
0.9.58.2
0.9.58
0.9.58-rc1
0.9.56-LTS-release
0.9.56-LTS
0.9.56
0.9.56-rc1
0.9.54
0.9.54-rc2
0.9.54-rc1
0.9.52
0.9.38.12
0.9.50
0.9.50-rc1
0.9.48
0.9.46
0.9.46-rc1
0.9.44.10
0.9.44.8
0.9.44.6
0.9.38.10
0.9.44.4
0.9.38.8
0.9.44.2
0.9.44
0.9.44-rc1
0.9.38.4
0.9.42
0.9.42-rc2
0.9.38.2
0.9.42-rc1
disable-globalcfg
0.9.40
0.9.40-rc1
0.9.38
0.9.38-rc1
0.9.36
0.9.36-rc1
0.9.34
0.9.34-rc1
0.9.32
0.9.32-rc1
0.9.30
0.9.30-rc1
Labels
Clear labels   
LTS merge

   
LTS merge

   
bug

   
bug

   
converted-to-discussion

   
doc-todo

   
documentation

   
duplicate

   
enhancement

   
file-transfer

   
firecfg

   
firejail-in-firejail

   
firetools

   
graphics

   
help wanted

   
information_old

   
installation

   
invalid

   
modif

   
moved

   
needinfo

   
networking

   
notabug

   
notourbug

   
old-version

   
overlayfs

   
packaging

   
profile-request

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question_old

   
removal

   
runtime-permissions

   
sandbox-ipc

   
security

   
stale

   
wiki

   
wiki

   
wontfix

   
wordpress

   
workaround
No labels
LTS merge
LTS merge
bug
bug
converted-to-discussion
doc-todo
documentation
duplicate
enhancement
file-transfer
firecfg
firejail-in-firejail
firetools
graphics
help wanted
information_old
installation
invalid
modif
moved
needinfo
networking
notabug
notourbug
old-version
overlayfs
packaging
profile-request
pull-request
question
question_old
removal
runtime-permissions
sandbox-ipc
security
stale
wiki
wiki
wontfix
wordpress
workaround
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1495
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?