github-starred/firejail

Fork 0

mirror of https://github.com/netblue30/firejail.git synced 2026-05-15 14:16:14 -06:00

[GH-ISSUE #3841] Permission denied - runnig is as a normal user [SOLVED] #2418

New issue

Closed

opened 2026-05-05 09:05:38 -06:00 by gitea-mirror · 8 comments

gitea-mirror commented

2026-05-05 09:05:38 -06:00

Owner

Originally created by @chrisfxwolf on GitHub (Dec 20, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3841

Hi,
I moved from KDE Neon to openSUSE. I'm not an advanced user.
Firejail wont start as a $ (normal user).
Example

$firejail --version
$bash: /usr/bin/firejail: Permission denied

however:

$ ls -al /usr/bin/firejail
-rwsr-x--- 1 root firejail 388840 Aug 11 16:46 /usr/bin/firejail

I installed firejail form opensuse repositories, list of installing used zypper:

1 new package to install.
Overall download size: 516.5 KiB. Already cached: 0 B. After the operation, additional 1.5 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): Retrieving package firejail-0.9.62-lp152.3.3.1.x86_64 (1/1), 516.5 KiB ( 1.5 MiB unpacked)
Retrieving: firejail-0.9.62-lp152.3.3.1.x86_64.rpm [done]

Checking for file conflicts: [.......done]
(1/1) Installing: firejail-0.9.62-lp152.3.3.1.x86_64 [............done]

Hence all looks all right. I was reading documentation and done steps. But...

My system

Firejail instaled from openSUSE repositories

Operating System: openSUSE Leap 15.2
KDE Plasma Version: 5.18.6
KDE Frameworks Version: 5.71.0
Qt Version: 5.12.7
Kernel Version: 5.3.18-lp152.57-default
OS Type: 64-bit
Processors: 8 × Intel® Xeon® CPU W3530 @ 2.80GHz
Memory: 31.3 GiB of RAM

Originally created by @chrisfxwolf on GitHub (Dec 20, 2020). Original GitHub issue: https://github.com/netblue30/firejail/issues/3841 Hi, I moved from KDE Neon to openSUSE. I'm not an advanced user. Firejail wont start as a $ (normal user). Example $firejail --version $bash: /usr/bin/firejail: Permission denied however: $ ls -al /usr/bin/firejail -rwsr-x--- 1 root firejail 388840 Aug 11 16:46 /usr/bin/firejail I installed firejail form opensuse repositories, list of installing used zypper: 1 new package to install. Overall download size: 516.5 KiB. Already cached: 0 B. After the operation, additional 1.5 MiB will be used. Continue? [y/n/v/...? shows all options] (y): Retrieving package firejail-0.9.62-lp152.3.3.1.x86_64 (1/1), 516.5 KiB ( 1.5 MiB unpacked) Retrieving: firejail-0.9.62-lp152.3.3.1.x86_64.rpm [done] Checking for file conflicts: [.......done] (1/1) Installing: firejail-0.9.62-lp152.3.3.1.x86_64 [............done] Hence all looks all right. I was reading documentation and done steps. But... My system Firejail instaled from openSUSE repositories Operating System: openSUSE Leap 15.2 KDE Plasma Version: 5.18.6 KDE Frameworks Version: 5.71.0 Qt Version: 5.12.7 Kernel Version: 5.3.18-lp152.57-default OS Type: 64-bit Processors: 8 × Intel® Xeon® CPU W3530 @ 2.80GHz Memory: 31.3 GiB of RAM

gitea-mirror closed this issue

2026-05-05 09:05:39 -06:00

gitea-mirror commented

2026-05-05 09:05:40 -06:00

Author

Owner

@smitsohu commented on GitHub (Dec 20, 2020):

$ ls -al /usr/bin/firejail
-rwsr-x--- 1 root firejail 388840 Aug 11 16:46 /usr/bin/firejail

In openSUSE, Firejail can be used only by members of the firejail group. So if you are not a member of this group already, you will need to add yourself.

To check which groups you are a member of: groups
To add yourself to the firejail group: sudo usermod -a -G firejail $USER

@smitsohu commented on GitHub (Dec 20, 2020): > $ ls -al /usr/bin/firejail > -rwsr-x--- 1 root firejail 388840 Aug 11 16:46 /usr/bin/firejail In openSUSE, Firejail can be used only by members of the firejail group. So if you are not a member of this group already, you will need to add yourself. To check which groups you are a member of: `groups` To add yourself to the firejail group: `sudo usermod -a -G firejail $USER`

gitea-mirror commented

2026-05-05 09:05:41 -06:00

Author

Owner

@smitsohu commented on GitHub (Dec 20, 2020):

Ah, forgot. You need to logout and login for the changes to take effect.

@smitsohu commented on GitHub (Dec 20, 2020): Ah, forgot. You need to logout and login for the changes to take effect.

gitea-mirror commented

2026-05-05 09:05:42 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Dec 20, 2020):

You need to logout and login for the changes to take effect.

I tested Leap 15.2 the other day and needed a reboot to get it to apply for some
reason.

@SkewedZeppelin commented on GitHub (Dec 20, 2020): > You need to logout and login for the changes to take effect. I tested Leap 15.2 the other day and needed a reboot to get it to apply for some reason.

gitea-mirror commented

2026-05-05 09:05:43 -06:00

Author

Owner

@chrisfxwolf commented on GitHub (Dec 20, 2020):

As I understand I need as root:

addgroup firejail

Shoud I need to change owner???

chown root:firejail /usr/bin/firejail
chmod 4750 /usr/bin/firejail

and add myself

usermod -a -G firejail [ my username]

..and

logout and login back or reboot

@chrisfxwolf commented on GitHub (Dec 20, 2020): As I understand I need as root: addgroup firejail > Shoud I need to change owner??? > > chown root:firejail /usr/bin/firejail > chmod 4750 /usr/bin/firejail > and add myself usermod -a -G firejail [ my username] ..and logout and login back or reboot

gitea-mirror commented

2026-05-05 09:05:44 -06:00

Author

Owner

@SkewedZeppelin commented on GitHub (Dec 20, 2020):

no, openSUSE package already adds the group and sets the correct permissions.

You should only need the command to add yourself to the group:
usermod -a -G firejail $user;

@SkewedZeppelin commented on GitHub (Dec 20, 2020): no, openSUSE package already adds the group and sets the correct permissions. You should only need the command to add yourself to the group: usermod -a -G firejail $user;

gitea-mirror commented

2026-05-05 09:05:44 -06:00

Author

Owner

@chrisfxwolf commented on GitHub (Dec 20, 2020):

Yes is working. I think so that original documentation have a mess.
Which say:

# addgroup firejail
# chown root:firejail /usr/bin/firejail
# chmod 4750 /usr/bin/firejail

This give me a mess in the groups. Which are done (as you mentioned) by firejail.
As a result is:

$ ls -al /usr/bin/firejail
-rwsr-x--- 1 root firejail 388840 Aug 11 16:46 /usr/bin/firejail

SOLUTION

So after install firejail we need:

usermod -a -G firejail [username]

...and
restart computer. Somebody mentioned to logout. In my case is not working ;-)

Hence, this subject I consider it close.

Thank You guys!!!

Ps.

However, it not an easy. Now Thunderbird is not working.
As well clementine icon in KDE panel was disappearing

I'll be looking for solution by myself.

@chrisfxwolf commented on GitHub (Dec 20, 2020): Yes is working. I think so that original [documentation](https://firejail.wordpress.com/support/) have a mess. Which say: ``` # addgroup firejail # chown root:firejail /usr/bin/firejail # chmod 4750 /usr/bin/firejail ``` This give me a mess in the groups. Which are done (as you mentioned) by firejail. As a result is: ``` $ ls -al /usr/bin/firejail -rwsr-x--- 1 root firejail 388840 Aug 11 16:46 /usr/bin/firejail ``` # SOLUTION * So after install firejail we need: ``` usermod -a -G firejail [username] ``` * ...and restart computer. Somebody mentioned to logout. In my case is not working ;-) # Hence, this subject I consider it close. Thank You guys!!! Ps. However, it not an easy. Now Thunderbird is not working. As well clementine icon in KDE panel was disappearing I'll be looking for solution by myself.

gitea-mirror commented

2026-05-05 09:05:45 -06:00

Author

Owner

@smitsohu commented on GitHub (Dec 20, 2020):

Somewhat offtopic: There are a number of openSUSE related fixes in git which are not contained in 0.9.62. So if following git is an option I would actually recommend that.

Don't know if it would be possible to convince the openSUSE package maintainer to ship upcoming Firejail release 0.9.66 in Leap 15.3. It seems that openSUSE is somewhat less dogmatic about package upgrades than some other distributions.

@smitsohu commented on GitHub (Dec 20, 2020): Somewhat offtopic: There are a number of openSUSE related fixes in git which are not contained in 0.9.62. So if following git is an option I would actually recommend that. Don't know if it would be possible to convince the openSUSE package maintainer to ship upcoming Firejail release 0.9.66 in Leap 15.3. It seems that openSUSE is somewhat less dogmatic about package upgrades than some other distributions.

gitea-mirror commented

2026-05-05 09:05:45 -06:00

Author

Owner

@chrisfxwolf commented on GitHub (Dec 20, 2020):

Hmm.. I think so Tumbleweed will have newest firejail. But T is not for me. I was using KDE Neon. Very good distro.
But, I need STABLE distro. That I was changing to openSUSE Leap. I'm not a gamer. And I don't care that some packages are old. However, I'm just considering to give up firejail which was easy to management on KDE Neon by firetool (which is not in suse repositories or flatpak). And learn apparmor. This little mess which firejail made (I made too) on my system (thanks suse for snapshot) is not what I expected. Ok, we finish this off-topic, before admin will kill us ;-).

@chrisfxwolf commented on GitHub (Dec 20, 2020): Hmm.. I think so Tumbleweed will have newest firejail. But T is not for me. I was using KDE Neon. Very good distro. But, I need STABLE distro. That I was changing to openSUSE Leap. I'm not a gamer. And I don't care that some packages are old. However, I'm just considering to give up firejail which was easy to management on KDE Neon by firetool (which is not in suse repositories or flatpak). And learn apparmor. This little mess which firejail made (I made too) on my system (thanks suse for snapshot) is not what I expected. Ok, we finish this off-topic, before admin will kill us ;-).

gitea-mirror referenced this issue

2026-05-05 10:17:24 -06:00

[PR #2418] [MERGED] Alphabetize fixes for webstorm.profile #4295

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#2418

No description provided.

Rows
Columns