As the browser is one of the most common points of entry into a system, it makes sense to do everything that is possible to secure it.
Any sane user will never browse the web as root (or an account with Administrator access in Windows*), as any malware would then be able to do anything on the whole machine.
* This is insane. If you do it, you deserve everything you get.
So, in Linux, of course I use my normal user account, and trust in the fact that Linux on an AMD64 processor is fairly safe.
However, this means that should my browser be compromised, the only files it can alter/delete are the ones owned by my own user account. Which is pretty much everything.
So, although something bad wouldn't mean I'd have to reinstall my box, I'd have lost all my files.
To see what files and directories you have write access to now, try this:
find / \( -user $USER -perm /u=w \) -o \( -perm /o=w \)
Solution? Run your browser as another user.
/bin/su -
adduser -m ff
(Don't assign it a password)
visudo
(If you don't have visudo, install sudo - emerge sudo)
This will open up a vi window.
Add the following lines to it:
User_Alias X_USERS = yourusername
Defaults:X_USERS env_reset
Defaults:X_USERS env_keep += DISPLAY
Defaults:X_USERS env_keep += XAUTHORITY
yourusername yourhostname=(ff) NOPASSWD: /usr/bin/firefox
Then transfer your whole .mozilla dir to the ff user directory.
mv ~yourusername/.mozilla ~ff/ -iv
chown ff:users ~ff/.mozilla/ -Rfv
Exit out of the root shell, back to your normal user account.
xhost 127.0.0.1
Add that xhost command to /etc/conf.d/local.start (in Gentoo) so you don't have to remember to run it each time. Then start Firefox as the ff user:
sudo -u ff -H firefox
Change your standard Firefox launch icon to run this command each time.
You should see a Firefox window pop up, with all your old bookmarks, settings, etc. However, it's running now as "ff".
This means that the browser can't access any files that the user ff can't access. Which hopefully should include all your files.
Create a directory in ~ff/, and change the permissions to allow your normal user account to read and write files there. You can use this to copy files between your two accounts.
To see what files and directories ff can write to, run:
find . \( -user ff -perm /u=w \) -o \( -perm /o=w \)
It should be much less than before.
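The find above only covers write access. As an added example (not part of the original article), this script lists what in a home directory the ff account could still read or write through group or "other" permission bits, which matters because the chown step puts ff in the users group. It assumes GNU find and that ff shares at most one group with the owner; the function name and script name are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Lists paths under DIR that a
# separate browser account could read or write without owning them.
# Assumptions: GNU find; the browser account shares at most the one group
# GROUP with the owner (pass the account's own primary group if none).
# Usage: sh exposed.sh /home/yourusername users

exposed_paths() {
    dir=$1
    grp=$2
    # Unix picks one permission class per file: the group bits when the
    # account is in the file's group, otherwise the "other" bits.
    # Directories the account cannot search (no x bit) are pruned, since
    # nothing beneath them is reachable.
    find "$dir" \
        -type d ! \( \( -group "$grp" -perm /g=x \) -o \
                     \( ! -group "$grp" -perm /o=x \) \) -prune \
        -o \( \( -group "$grp" -perm /g=rw \) -o \
              \( ! -group "$grp" -perm /o=rw \) \) -print
}

if [ "$#" -eq 2 ]; then
    exposed_paths "$1" "$2"
fi
```

An empty listing means the browser account cannot reach anything under that directory; a home directory with mode 700 always gives an empty listing.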
(In Windows, you can look into the runas command.)
You can also use this system for maintaining multiple browser "personalities" - so that advertisers can't link user A at site X with user B at site Y.
This was tested on Gentoo Linux, running KDE, and Firefox 2. It works for me.
For further browsing enjoyment, install the Adblock, NoScript, and Flashblock plugins, extensions, add ons (or whatever they're called this week).
Comments
Downloading files?
I suspect that this would restrict the possibility of saving files. A severe handicap. Do backup!
Nope - you just save into ~ff/files/ and set the perms up so that your normal user account can read that directory. Conversely, if you want to upload a file that's in your home directory, copy it to ~ff/files/ first, and upload.
I've been using this system now for ages, and I hardly notice it.
sorry.
Waste of time but I applaud your effort.
Unlikely you'll ever come back, but I'd be interested to know why you think it's a waste of time.
About 10 minutes work, and suddenly, the chances of a piece of malware trashing all your files is shrunk.
I prefer my solution:
Here is how I did it:
http://www.xs4all.nl/~hanb/documents/firefox_for_paranoid_people
Written in October 2006.
Other possible uses
Could this system also be applicable to solving other problems?
Such as using two different Firefox configurations, depending on the context of use (i.e. working behind a proxy at the office and with a direct connection outside, and with different security settings in both contexts).
A Very Interesting Idea
This looks like it would work, but I've never had any problems with malware using Linux. It seems like an unnecessary complication for browsing. Of course, I use the 'No Scripts' plug-in, which has javascript disabled by default for unknown sites. That may offer some protection.
So I guess my real question is, "How necessary is this precaution?"
"This looks like it would work"
It does. I've been using it for a few weeks now. No problems whatsoever.
Malware for Linux?
Yep, there isn't much. I just don't want to be the unlucky sod that gets hit by the first big Firefox exploit.
How necessary?
Depends. How annoyed would you be to lose all the files owned by $USER? How likely do you think it is? Calculate the risk/irritation/benefit factor.
For me, it's not much trouble, and it would be very useful if it saves my files. Therefore, the risk of it happening doesn't really factor in.
If it's easy to do, and no trouble, you might as well.
Good information for a beginner Linux user. Most Linux users seem to be a bit more advanced than Windows users, in my opinion, and usually already know this type of stuff. It's a basic howto that explains running an application as another user. (the SUDO command). It's well documented in Linux documentation.
I'm always glad to see people write this type of article though, because it will eventually be helpful to somebody and it usually gives better examples than Linux man pages. If nobody wrote articles such as this, then we'd be in trouble.
It has a minor grammar error at the beginning of the message: "Any sane users" ("users" should be singular: "user").
Thanks for the grammar tip.
It was originally "Sane users...", and when I changed it, I forgot to change that too.
Yes, any proficient Linux user can find this information out, had they thought of it. But perhaps a few people will read this and think, hmm, that's really quite a good idea that wouldn't have thought of it otherwise.
Make sure that ~yourusername/.Xauthority is readable by user ff, or you'll get something like:
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
(firefox-bin:7693): Gtk-WARNING **: cannot open display