# Sample /etc/sandbox.conf file # This is the minimum and maximum UIDs that sandbox will grab. # If the minimum is greater than the maximum, sandbox will # allocate UIDs in descending order. For security reasons, # sandbox will never use uid 0. MinUID 25000 MaxUID 29999 # AllowUser/DenyUser allow or disallow a given user to use sandbox, # with the special user "All" allowing all users. AllowGroup/DenyGroup # allow or disallow all members of a group, as reported by getgroups(2) # or getgid(2). Lines are applied in order, so only the last one # referencing the current user applies. You can specify more than one # user/group on a line by separating them with spaces. #AllowUser All #DenyGroup guest nobody DenyUser All AllowUser mike # NukeEnv removes all environment variables, except for TERM. sandbox # will still set the variables HOME, USER, LOGIN, and maybe some others. # It has the same effect as the -n flag. #NukeEnv # HomeDir sets the directory for creation of sandbox-uid home directories. # If HomeDirOverride is set, this is the default directory, otherwise # all home directories will be created in this one. HomeDir /usr/local/sandbox # SkelDir sets the directory whose contents are added to the list of # files to be copied on any invocation. It is not an error if this # directory does not exist. This directory and its contents must be # readable by the invoking uid (i.e. the user using sandbox). These # files are not copied if the -s option is given. SkelDir /etc/sandbox.skel # HomeDirOverride allows an entry in /etc/passwd to override the # home directory (normally HOME_DIR/uid or HOME_DIR/username). # If sandbox was compiled with ALLOW_PREEXISTING 0, sandbox will # never use a uid that exists in /etc/passwd, regardless of this # setting. #HomeDirOverride # SameGroup sets the group for all created uids; uids who exist # in /etc/passwd are unaffected by this option. sandbox will never # use group 0. #SameGroup sandbox # End of /etc/sandbox.conf