build: simplify code related to man pages

Simplify the main targets and use wildcards instead of repeating the filenames manually. Also, restore the `man` target and building only when `HAVE_MAN` is enabled. Note: Make automatically removes intermediate files (.1 and .5), so in general only the .gz files have to be cleaned. Commands used to rename the man pages: cd src/man git mv firecfg.txt firecfg.1.in git mv firejail-login.txt firejail-login.5.in git mv firejail-profile.txt firejail-profile.5.in git mv firejail-users.txt firejail-users.5.in git mv firejail.txt firejail.1.in git mv firemon.txt firemon.1.in git mv jailcheck.txt jailcheck.1.in This is kind of a follow-up to commit 9e206b7f2 ("rework src/man Makefile", 2023-07-07).
author: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-07-12 01:55:07 -0300
committer: Kelvin M. Klann <kmk3.code@protonmail.com> 2023-07-13 11:43:53 -0300
commit: 76bd5ad0f8347bc111c30f67b2eb151c2e5870ed (patch)
tree: 3fd235c83d6ce45451abc80dca27420203d3aad6 /src/man/firejail-users.5.in
parent: build: restore seccomp filter targets (diff)
download: firejail-76bd5ad0f8347bc111c30f67b2eb151c2e5870ed.tar.gz
firejail-76bd5ad0f8347bc111c30f67b2eb151c2e5870ed.tar.zst
firejail-76bd5ad0f8347bc111c30f67b2eb151c2e5870ed.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/src/man/firejail-users.5.in b/src/man/firejail-users.5.in
new file mode 100644
index 000000000..7aa151680
--- /dev/null
+++ b/src/man/firejail-users.5.in
@@ -0,0 +1,63 @@
+.TH FIREJAIL-USERS 5 "MONTH YEAR" "VERSION" "firejail.users man page"
+.SH NAME
+firejail.users \- Firejail user access database
+.SH DESCRIPTION
+/etc/firejail/firejail.users lists the users allowed to run firejail SUID executable.
+root user is allowed by default, user nobody is never allowed.
+If the user is not allowed to start the sandbox, Firejail will attempt to run the
+program without sandboxing it.
+If the file is not present in the system, all users are allowed to use the sandbox.
+Example:
+        $ cat /etc/firejail/firejail.users
+.br
+        dustin
+.br
+        lucas
+.br
+        mike
+.br
+        eleven
+Use a text editor to add or remove users from the list. You can also use firecfg \-\-add-users
+command. Example:
+        $ sudo firecfg --add-users dustin lucas mike eleven
+By default, running firecfg creates the file and adds the current user to the list. Example:
+        $ sudo firecfg
+See \fBman 1 firecfg\fR for details.
+.SH ALTERNATIVE SOLUTION
+An alternative way of restricting user access to firejail executable is to create a special firejail user group and
+allow only users in this group to run the sandbox:
+        # addgroup --system firejail
+.br
+        # chown root:firejail /usr/bin/firejail
+.br
+        # chmod 4750 /usr/bin/firejail
+.SH FILES
+/etc/firejail/firejail.users
+.SH LICENSE
+Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+.BR firejail (1),
+.BR firemon (1),
+.BR firecfg (1),
+.BR firejail-profile (5),
+.BR firejail-login (5),
+.BR jailcheck (1)
+.\" vim: set filetype=groff :
author	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-07-12 01:55:07 -0300
committer	Kelvin M. Klann <kmk3.code@protonmail.com>	2023-07-13 11:43:53 -0300
commit	76bd5ad0f8347bc111c30f67b2eb151c2e5870ed (patch)
tree	3fd235c83d6ce45451abc80dca27420203d3aad6 /src/man/firejail-users.5.in
parent	build: restore seccomp filter targets (diff)
download	firejail-76bd5ad0f8347bc111c30f67b2eb151c2e5870ed.tar.gz firejail-76bd5ad0f8347bc111c30f67b2eb151c2e5870ed.tar.zst firejail-76bd5ad0f8347bc111c30f67b2eb151c2e5870ed.zip

diff --git a/src/man/firejail-users.5.in b/src/man/firejail-users.5.in new file mode 100644 index 000000000..7aa151680 --- /dev/null +++ b/src/man/firejail-users.5.in
@@ -0,0 +1,63 @@
	1	.TH FIREJAIL-USERS 5 "MONTH YEAR" "VERSION" "firejail.users man page"
	2	.SH NAME
	3	firejail.users \- Firejail user access database
	4
	5	.SH DESCRIPTION
	6	/etc/firejail/firejail.users lists the users allowed to run firejail SUID executable.
	7	root user is allowed by default, user nobody is never allowed.
	8
	9	If the user is not allowed to start the sandbox, Firejail will attempt to run the
	10	program without sandboxing it.
	11
	12	If the file is not present in the system, all users are allowed to use the sandbox.
	13
	14	Example:
	15
	16	$ cat /etc/firejail/firejail.users
	17	.br
	18	dustin
	19	.br
	20	lucas
	21	.br
	22	mike
	23	.br
	24	eleven
	25
	26	Use a text editor to add or remove users from the list. You can also use firecfg \-\-add-users
	27	command. Example:
	28
	29	$ sudo firecfg --add-users dustin lucas mike eleven
	30
	31	By default, running firecfg creates the file and adds the current user to the list. Example:
	32
	33	$ sudo firecfg
	34
	35	See \fBman 1 firecfg\fR for details.
	36
	37	.SH ALTERNATIVE SOLUTION
	38	An alternative way of restricting user access to firejail executable is to create a special firejail user group and
	39	allow only users in this group to run the sandbox:
	40
	41	# addgroup --system firejail
	42	.br
	43	# chown root:firejail /usr/bin/firejail
	44	.br
	45	# chmod 4750 /usr/bin/firejail
	46
	47
	48	.SH FILES
	49	/etc/firejail/firejail.users
	50
	51	.SH LICENSE
	52	Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
	53	as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
	54	.PP
	55	Homepage: https://firejail.wordpress.com
	56	.SH SEE ALSO
	57	.BR firejail (1),
	58	.BR firemon (1),
	59	.BR firecfg (1),
	60	.BR firejail-profile (5),
	61	.BR firejail-login (5),
	62	.BR jailcheck (1)
	63	.\" vim: set filetype=groff :