removed --user

7 files changed, 6 insertions, 129 deletions

diff --git a/README.md b/README.md
index c4d2907af..c16a32e62 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,10 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
 `````
 # Current development version: 0.9.41
 
+## Deprecated --user
+
+--user option was deprecated, please use "sudo -u username firejail application" instead.
+
 ## AppImage
 
 AppImage (http://appimage.org/) is a distribution-agnostic packaging format.
diff --git a/RELNOTES b/RELNOTES
index 788bfe407..20e7df7f1 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,8 +1,9 @@
 firejail (0.9.41) baseline; urgency=low
   * work in progress...
+  * deprecated --user option, please use "sudo -u username firejail" instead
   * AppImage support (--appimage)
   * Sandbox auditing support (--audit)
-  * Remove environment variable (--rmenv)
+  * remove environment variable (--rmenv)
   * include /dev/snd in --private-dev
   * added mkfile profile command
   * seccomp filter updated
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 590646f23..c18dacbbb 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -545,9 +545,6 @@ void fs_logger_print_log(pid_t pid);
 // run_symlink.c
 void run_symlink(int argc, char **argv);
 
-// user.c
-void check_user(int argc, char **argv);
-
 // paths.c
 char **build_paths(void);
 
diff --git a/src/firejail/main.c b/src/firejail/main.c
index a0225be15..35f825a07 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -900,7 +900,6 @@ int main(int argc, char **argv) {
         else {
                 // check --output option and execute it;
                 check_output(argc, argv); // the function will not return if --output option was found
-                check_user(argc, argv); // the function will not return if --user option was found
         }
         
         
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index b67300618..6b7a666db 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -252,7 +252,6 @@ void usage(void) {
         printf("    --tracelog - add a syslog message for every access to files or\n");
         printf("\tdirectoires blacklisted by the security profile.\n\n");
         printf("    --tree - print a tree of all sandboxed processes.\n\n");
-        printf("    --user=new_user - switch the user before starting the sandbox.\n\n");
         printf("    --version - print program version and exit.\n\n");
 #ifdef HAVE_WHITELIST   
         printf("    --whitelist=dirname_or_filename - whitelist directory or file.\n\n");
diff --git a/src/firejail/user.c b/src/firejail/user.c
deleted file mode 100644
index a2f34392c..000000000
--- a/src/firejail/user.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * Copyright (C) 2014-2016 Firejail Authors
- *
- * This file is part of firejail project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
-#include "firejail.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <unistd.h>
-#include <grp.h>
-#include <pwd.h>
-
-
-void check_user(int argc, char **argv) {
-        EUID_ASSERT();
-        int i;
-        char *user = NULL;
-
-        int found = 0;
-        for (i = 1; i < argc; i++) {
-                // check options
-                if (strcmp(argv[i], "--") == 0)
-                        break;
-                if (strncmp(argv[i], "--", 2) != 0)
-                        break;
-                
-                // check user option            
-                if (strncmp(argv[i], "--user=", 7) == 0) {
-                        found = 1;
-                        user = argv[i] + 7;
-                        break;
-                }
-        }
-        if (!found)
-                return;
-
-        // check root
-        if (getuid() != 0) {
-                fprintf(stderr, "Error: you need to be root to use --user command line option\n");
-                exit(1);
-        }
-        
-        // switch user
-        struct passwd *pw = getpwnam(user);
-        if (!pw) {
-                fprintf(stderr, "Error: cannot find user %s\n", user);
-                exit(1);
-        }
-
-        printf("Switching to user %s, UID %d, GID %d\n", user, pw->pw_uid, pw->pw_gid);
-        int rv = initgroups(user, pw->pw_gid);
-        if (rv == -1) {
-                perror("initgroups");
-                fprintf(stderr, "Error: cannot switch to user %s\n", user);
-        }
-
-        rv = setgid(pw->pw_gid);
-        if (rv == -1) {
-                perror("setgid");
-                fprintf(stderr, "Error: cannot switch to user %s\n", user);
-        }
-
-        rv = setuid(pw->pw_uid);
-        if (rv == -1) {
-                perror("setuid");
-                fprintf(stderr, "Error: cannot switch to user %s\n", user);
-        }
-
-        // build the new command line
-        int len = 0;
-        for (i = 0; i < argc; i++) {
-                len += strlen(argv[i]) + 1; // + ' '
-        }
-        
-        char *cmd = malloc(len + 1); // + '\0'
-        if (!cmd)
-                errExit("malloc");
-        
-        char *ptr = cmd;
-        int first = 1;
-        for (i = 0; i < argc; i++) {
-                if (strncmp(argv[i], "--user=", 7) == 0 && first) {
-                        first = 0;
-                        continue;
-                }
-                
-                ptr += sprintf(ptr, "%s ", argv[i]);
-        }
-
-        // run command
-        char *a[4];
-        a[0] = "/bin/bash";
-        a[1] = "-c";
-        a[2] = cmd;
-        a[3] = NULL;
-
-        execvp(a[0], a); 
-
-        perror("execvp");
-        exit(1);
-}
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 8d20cf36b..7c9cd98de 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1485,15 +1485,7 @@ $ firejail \-\-tree
 11969:netblue:firejail \-\-net=eth0 transmission-gtk 
 .br
   11970:netblue:transmission-gtk 
-.TP
-\fB\-\-user=new-user
-Switch the user before starting the sandbox. This command should be run as root.
-.br
 
-.br
-Example:
-.br
-# firejail \-\-user=www-data
 .TP
 \fB\-\-version
 Print program version and exit.