Running Firefox as Another User

I don't trust Firefox very much. I don't want it to be able to read or write files in my home directory. A very simple and not at all complete sandbox is to run Firefox as another user but still use your display. Here's one way to do it.

My user, mc, and the Firefox user mcff are both members of the same Unix group, also called mcff.

When logged in as mc I start Firefox with a script I call fireweb:

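#! /bin/sh

umask 027
# Refuse to write through a /tmp/foo.txt that someone else has already created.
set -C
# Export the X authority cookie for this display so that mcff can use it.
xauth extract - "$DISPLAY" > /tmp/foo.txt || exit 1
# Let members of group mcff (and nobody else) read the cookie.
chgrp mcff /tmp/foo.txt
su -l mcff /home/mcff/bin/fireweb "$DISPLAY"
rm /tmp/foo.txt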

The mcff user has his own fireweb script which I have placed in /home/mcff/bin/fireweb as per the script above. It looks like this:

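#! /bin/sh

# Import the cookie exported by mc's fireweb script into mcff's X authority file.
xauth merge /tmp/foo.txt
# The display name is passed as the first argument.
export DISPLAY="$1"
firefox &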

That's it. When I invoke fireweb as mc the actual Firefox process will run as the mcff user and with mcff's permissions. If I have set the permissions of my home directory so that mcff can't read the files, then neither should Firefox be able to read them.
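To confirm that the home directory really is closed to the Firefox account, the following added example (not part of the original post) reads a directory's mode bits and applies the Unix rule that group bits, not other bits, decide access for members of the directory's group. The function name dir_exposure is hypothetical; it assumes the sandbox account does not own the directory, and it does not evaluate ACLs.

```shell
#!/bin/sh
# Added example: could a sandbox account such as mcff enter or list DIR?
# Usage: dir_exposure DIR "GIDS"   e.g. dir_exposure /home/mc "$(id -G mcff)"
# Prints "closed", "open:group" or "open:other"; exit status is 0 only if closed.
dir_exposure() {
    dir=$1
    sandbox_gids=$2
    [ -d "$dir" ] || { echo "error:not-a-directory"; return 2; }
    # ls -ldn prints e.g. "drwxr-x--- 2 1000 1000 ..." with numeric owner and group.
    set -- $(ls -ldn -- "$dir")
    mode=$1
    dir_gid=$4
    # By default the sandbox account is judged by the "other" permission triplet.
    applicable=$(printf '%s' "$mode" | cut -c8-10)
    label=other
    # If it is a member of the directory's group, the group triplet applies instead.
    for gid in $sandbox_gids; do
        if [ "$gid" = "$dir_gid" ]; then
            applicable=$(printf '%s' "$mode" | cut -c5-7)
            label=group
        fi
    done
    # r allows listing names, x allows traversal; s and t imply x is set.
    case $applicable in
        *[rxst]*) echo "open:$label"; return 1 ;;
        *)        echo "closed"; return 0 ;;
    esac
}

# Constructed demo: a throwaway directory stands in for /home/mc.
demo=$(mktemp -d)
demo_gid=$(ls -ldn -- "$demo" | awk '{print $4}')
for m in 700 750 755; do
    chmod "$m" "$demo"
    printf '%s  group member: %s  non-member: %s\n' "$m" \
        "$(dir_exposure "$demo" "$demo_gid")" "$(dir_exposure "$demo" "")"
done
rmdir "$demo"
```

Because mc and mcff share the group mcff, the group case matters here: a home directory whose group is mcff and whose group bits are set is open to Firefox even when the other bits are all cleared.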

Please note that if you have special configuration files such as .fonts.conf and .gtkrc-2.0, you will want to copy them to the Firefox user's home directory as well.

Of course, if you want to keep your Firefox settings you will also have to copy the .mozilla directory to ~mcff.

This text was originally part of a Swedish blog post from October 2010, "Firefox som annan användare". It was inspired by a conversation with Martin “cosis” Samuelsson.


Last updated: <2012-02-23 07:58:27 MET>