[linux-elitists] Browser plugins and write permissions

Steven Critchfield le@drunkenlogic.com
Fri Nov 19 20:14:09 PST 2004


On Fri, 2004-11-19 at 19:21 -0800, Rick Moen wrote:

> Some variant on this regimen generally worked on even rather twisted
> installers -- but now we have things like XUL .xpi files, which might be
> installable outside the browser, but I'm not immediately sure how.
> Everyone seems to expect that you'll just start up the browser with root
> authority and clickity-click the thing in.
> 
> Me, I'd walk a long ways around before running a Web browser, especially
> something the size and complexity of Mozilla code, under UID zero.  So,
> my half-assed spur-of-the-moment solution was to recursively chown both
> /var/lib/mozilla-firefox and /usr/lib/mozilla-firefox to rick:rick, do
> the clickity-click thing as user rick, and then chown the directories
> back.
> 
> Is there a better way, (moreover) one more clueful about this being a
> multi-user environment?   Would it make sense to have a firefox-plugins
> group, to which users trusted with that some bundle of write privileges
> could belong?  Or some better solution that just isn't occuring to me?

Depends on what you care about in a multiuser environment. Mozilla has
the option to store the new .xpi chrome apps in a user specific
directory. This means you could have get by with no tricky user switch
tricks and the extra chrome you add for yourself doesn't affect the
stability of the other users. The trouble is that it is part of the
installer and therefore mostly up to the maintainer to decide whether or
not the chrome app will live in per user directories or in the main
chrome directory.  

> And why do (to my knowledge) no Linux distributions have any mechanism
> to deal with this problem, short of expecting people to run large Web
> browsers with root authority?

I thought debian handled the more popular ones pretty well by taking
care of packageing them up and installing them globally for you. It
doesn't handle the ones that aren't already packaged or configured to
install to your home directory. 
-- 
Steven Critchfield <le@drunkenlogic.com>




More information about the linux-elitists mailing list