Running Firefox as a separate user

Posted on . Updated on .

A simple recipe to run Firefox as a separate user. With almost no drawbacks, this puts one more obstacle in the way of a remote attacker that wants to access your personal data.

First, create an account to run Firefox as. I use adduser for these tasks.

adduser webbrowser

You probably want to add the user to the typical audio and video groups so you can play web videos, etc.

Second, give your normal user permission to run Firefox as the new user, through sudo. This can be done by editing the /etc/sudoers file and adding a line like this one:

your_user ALL=(webbrowser) NOPASSWD: /usr/bin/firefox

Where "your_user" is your normal username. Third, this new user needs to be able to use your X server. Run the following from the X session, X init or window manager startup scripts:

xhost local:

And that’s it. You should be able to run it as sudo -u webbrowser firefox. You can launch it from a GUI launcher icon, or create a script that wraps this operation. By using a wrapper, you can set it for file associations in programs more easily depending on your desktop environment. I have $HOME/bin in my PATH, so I created $HOME/bin/firefox with the following contents.

cd /
exec sudo -u webbrowser -- /usr/bin/firefox "$@"

The original Firefox can still be launched with its full path or by creating a symlink with a slightly different name in a PATH directory.

Caution: an attacker exploiting a Firefox bug could still run code as the user running the Firefox process. They could still take screenshots, or log your key strokes or maybe launch programs and inject input events. Like I said, it’s only one more obstacle.

Safer but more inconvenient approaches could be:

  • Launching a second X server as a specific user and run Firefox there. This implies switching X servers from time to time, inability to copy and paste text from one server to another, etc.

  • Running Firefox inside a virtual machine, which uses an X server that in turn uses a virtual video driver, etc. This is also a bit inconvenient when downloading stuff, it takes more system resources, etc.

comments powered by Disqus