From 75311732cc354f8c5aaf4468313822c104b50c9e Mon Sep 17 00:00:00 2001
From: netblue30 <netblue30@yahoo.com>
Date: Sun, 8 Apr 2018 14:29:55 -0400
Subject: firejail user access database

---
 src/man/firecfg.txt          | 23 ++++++++++++++++++++++
 src/man/firejail-login.txt   |  3 ++-
 src/man/firejail-profile.txt |  3 ++-
 src/man/firejail-users.txt   | 45 ++++++++++++++++++++++++++++++++++++++++++++
 src/man/firejail.txt         |  3 ++-
 src/man/firemon.txt          |  1 +
 6 files changed, 75 insertions(+), 3 deletions(-)
 create mode 100644 src/man/firejail-users.txt

(limited to 'src/man')

diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
index e7a7ef6d9..fc0bbcee4 100644
--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -30,8 +30,30 @@ installing new programs. If the program is supported by Firejail, the symbolic l
 will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config".
 
 For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR.
+.SH DEFAULT ACTIONS
+The following actions are implemented by default by running sudo firecfg:
+
+.RS
+- set or update the symbolic links for desktop integration;
+.br
+
+.br
+- add the current user to Firejail user access database (firecfg --add-users);
+.br
+
+.br
+-fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
+.RE
 
 .SH OPTIONS
+.TP
+\fB\-\-add-users user [user]
+Add the list of users to Firejail user access databaseRemove all firejail symbolic links.
+
+Example:
+.br
+$ sudo firecfg --add-users dustin lucas mike eleven
+
 .TP
 \fB\-\-clean
 Remove all firejail symbolic links.
@@ -102,3 +124,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt
index 29030ba45..c2fa63dc4 100644
--- a/src/man/firejail-login.txt
+++ b/src/man/firejail-login.txt
@@ -1,4 +1,4 @@
-.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "firejail login.users man page"
+.TH FIREJAIL-LOGIN 5 "MONTH YEAR" "VERSION" "login.users man page"
 .SH NAME
 login.users \- Login file syntax for Firejail
 
@@ -38,3 +38,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 4b6e9766f..b529f63e3 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -232,7 +232,7 @@ All modifications are discarded when the sandbox is closed.
 .TP
 \fBprivate-lib file,directory
 Build a new /lib directory and bring in the libraries required by the application to run.
-This feature is still under development, see man 1 firejail for some examples.
+This feature is still under development, see \fBman 1 firejail\fR for some examples.
 .TP
 \fBprivate-opt file,directory
 Build a new /optin a temporary
@@ -610,3 +610,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfiremon\fR\|(1),
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firejail-users.txt b/src/man/firejail-users.txt
new file mode 100644
index 000000000..ac9c1f621
--- /dev/null
+++ b/src/man/firejail-users.txt
@@ -0,0 +1,45 @@
+.TH FIREJAIL-USERS 5 "MONTH YEAR" "VERSION" "firejail.users man page"
+.SH NAME
+firejail.users \- Firejail user access database
+
+.SH DESCRIPTION
+/etc/firejail/firejail.users lists the users allowed to run firejail SUID executable.
+If the file is not present in the system, all users are allowed to use the sandbox.
+root user is allowed by default.
+
+Example:
+
+	$ cat /etc/firejail/firejail.users
+.br
+	dustin
+.br
+	lucas
+.br
+	mike
+.br
+	eleven
+
+Use a text editor to add or remove users from the list. You can also use firecfg \-\-add-users
+command. Example:
+
+	$ sudo firecfg --add-users dusting lucas mike eleven
+
+By default, running firecfg creates the file and adds the current user to the list. Example:
+
+	$ sudo firecfg
+
+See \fBman 1 firecfg\fR for details.
+
+.SH FILES
+/etc/firejail/firejail.users
+
+.SH LICENSE
+Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+.PP
+Homepage: https://firejail.wordpress.com
+.SH SEE ALSO
+\&\flfirejail\fR\|(1),
+\&\flfiremon\fR\|(1),
+\&\flfirecfg\fR\|(1),
+\&\flfirejail-profile\fR\|(5)
+\&\flfirejail-login\fR\|(5)
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index e55d01253..6e8e4eb2c 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2691,7 +2691,7 @@ Child process initialized
 [...]
 .RE
 
-See man 5 firejail-profile for profile file syntax information.
+See \fBman 5 firejail-profile\fR for profile file syntax information.
 
 .SH RESTRICTED SHELL
 To configure a restricted shell, replace /bin/bash with /usr/bin/firejail in
@@ -2739,3 +2739,4 @@ Homepage: https://firejail.wordpress.com
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
diff --git a/src/man/firemon.txt b/src/man/firemon.txt
index 91c59af4d..9cae72b54 100644
--- a/src/man/firemon.txt
+++ b/src/man/firemon.txt
@@ -111,3 +111,4 @@ Homepage: http://firejail.wordpress.com
 \&\flfirecfg\fR\|(1),
 \&\flfirejail-profile\fR\|(5),
 \&\flfirejail-login\fR\|(5)
+\&\flfirejail-users\fR\|(5)
-- 
cgit v1.2.3-70-g09d2