netblue30 / firejail

Linux namespaces and seccomp-bpf sandbox
https://firejail.wordpress.com
GNU General Public License v2.0
5.69k stars 557 forks

docs: addgroup should add system group not user group #3632

Open a1346054 opened 4 years ago

a1346054 commented 4 years ago

On https://firejail.wordpress.com/documentation-2/basic-usage/

it states:

# addgroup firejail
# chown root:firejail /usr/bin/firejail
# chmod 4750 /usr/bin/firejail

Would it not be preferable to use addgroup --system to create a system group with a GID < 1000 instead of a regular user group with a GID > 1000?

rusty-snake commented 3 years ago

@netblue30 ??

netblue30 commented 3 years ago

I'll leave it open for now to remember to modify the web page.

a1346054 commented 3 years ago

Any progress on this?

a1346054 commented 2 years ago

> I'll leave it open for now to remember to modify the web page.

https://firejail.wordpress.com/documentation-2/basic-usage/ still uses addgroup without --system, hence creating groups with GID >1000 (on Debian), interfering with usual expectations.
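
A way to check which kind of group an existing firejail install ended up with, as an added example that is not part of the thread or of the firejail project. It assumes the system/regular boundary is GID_MIN from login.defs (default 1000, matching the GIDs discussed above); the function names, the firejail-sys group and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a group as "system" or "regular" by its GID.
# Assumption: the boundary is GID_MIN in a login.defs-style file,
# falling back to 1000 when the key is absent or commented out.

# Print GID_MIN from the login.defs-style file $1 (default 1000).
gid_min() {
    awk '$1 == "GID_MIN" { v = $2 } END { print (v == "" ? 1000 : v) }' "$1"
}

# Print the numeric GID of group $1 from group file $2 (empty if absent).
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; exit }' "$2"
}

# Print "system", "regular" or "missing" for group $1,
# using group file $2 and login.defs-style file $3.
classify_group() {
    gid=$(group_gid "$1" "$2")
    [ -n "$gid" ] || { echo missing; return 0; }
    if [ "$gid" -lt "$(gid_min "$3")" ]; then
        echo system
    else
        echo regular
    fi
}

# Constructed sample data: one group created with plain addgroup
# (GID above 1000) and one created with addgroup --system (GID below 1000).
sample=$(mktemp -d)
cat > "$sample/group" <<'EOF'
root:x:0:
firejail:x:1001:alice
firejail-sys:x:997:alice
EOF
printf 'GID_MIN\t\t1000\nGID_MAX\t\t60000\n' > "$sample/login.defs"

for g in firejail firejail-sys; do
    printf '%s: %s\n' "$g" "$(classify_group "$g" "$sample/group" "$sample/login.defs")"
done
rm -rf "$sample"
```

On a real host, call `classify_group firejail /etc/group /etc/login.defs`.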