[linux-elitists] Browser plugins and write permissions

Phil Mayers p.mayers@imperial.ac.uk
Sat Nov 20 05:44:07 PST 2004

On Fri, Nov 19, 2004 at 07:21:59PM -0800, Rick Moen wrote:
>I'm wondering if anyone has a better solution to this problem, and am
>betting someone already does:
>You find yourself wanting to install some plug-in for your Web browser.
>In olden days, it would be a tarball that you'd extract, give the hairy
>eyeball for a while, then chown some appropriate directory long enough
>to give your regular login the right to install the necessary pieces,
>then put them in place using your regular user privilege, then chown the
>directory back.  
>Some variant on this regimen generally worked on even rather twisted
>installers -- but now we have things like XUL .xpi files, which might be
>installable outside the browser, but I'm not immediately sure how.
>Everyone seems to expect that you'll just start up the browser with root
>authority and clickity-click the thing in.

Pardon? What an appalling notion.

I've not got a hojillion[1] plugins installed by any means, but the few 
essential FireFox ones I do have (AdBlock, Web Developer, Sage, 
SwitchProxy) are all in .whateveritis, as is Java (though the latter 
requires "java" be in the path, as well as the .so be in the plugins dir 
- eeew).

...in fact, I've just looked and the whole of Firefox is in my homedir 
as a result of laziness post-download.

Not exactly a scalable package-managed system, but it's my desktop and 
not shared, and no-one runs browsers on non-desktop systems... right?

>Me, I'd walk a long ways around before running a Web browser, especially
>something the size and complexity of Mozilla code, under UID zero.  So,

I would rather stab myself in the eyeball than run a browser as root. 
Explaining this to my boss as one of the many reasons for Linux on my 
desktop took a long time, until he got done over by IE-launched spyware 
and had his PC threatened with forcible removal from the netops 
subnet... He runs firefox on win32 now.

[1] Hojillion - unit of measure of something very, very valueless; see

>my half-assed spur-of-the-moment solution was to recursively chown both
>/var/lib/mozilla-firefox and /usr/lib/mozilla-firefox to rick:rick, do
>the clickity-click thing as user rick, and then chown the directories
>Is there a better way, (moreover) one more clueful about this being a
>multi-user environment?   Would it make sense to have a firefox-plugins

Ah, now there you're asking. I believe that Debian has such plugins as 

Although personally I'm not entirely sure I trust anyone to be putting a 
plugin into a directory where my browser will load it, even if they are 
in a Unix group. I'm certainly not ready to rule out the possibility of 
an exploitable bug in the notional install mechanism.

>group, to which users trusted with that some bundle of write privileges
>could belong?  Or some better solution that just isn't occuring to me?
>And why do (to my knowledge) no Linux distributions have any mechanism
>to deal with this problem, short of expecting people to run large Web
>browsers with root authority?

I'm guessing most people run browsers on Linux systems where only one 
user has the desktop, so lots of people needing the same plugin is rare.  
And honestly, with Mozillas from this millennium, I've never needed to be 
root (for any plugin I'd actually *trust* anyway).

It occurs to me that this was the kind of thing NFS mounting /usr was 
designed to handle if you have a multi-machine installation; you could 
have a central /usr/lib/mozilla directory.


More information about the linux-elitists mailing list