On 8 May 2016, in Newsgroups: alt.os.linux.mint, Subject: Re: Does Linux slow down over time?, BitTwister described launching Firefox as a different user. This is my implementation.
Consolidated alt.os.linux.mint post.
Full alt.os.linux.mint post.
Here's another sudo story, which means written in Linux. And, I'm sure there's a proper way to do this but this "works for me".
The distro I use does not provide sudo as a default utility, but I install and use it—just not to give users broad admin privileges. Typically, I have three-four users, with some doing limited tasks. I use sudo to switch to the user to do those tasks. This is how I run Firefox, Portable-Firefox, Chromium, or, mc as bobf in his /home directory while bob is doing the normal things that bob does.
I build the portable using a script from github, but modify it for my use. More on how I do it at the end of the story.
Here's the combination of steps I use to accomplish this. Just a note about my setup. I run PCLinuxOS/Xfce, and, normally use xfce4-terminal. In this case, my script launches XTerm. My screen is 1,920x1,080 and I position my XTerm window in the lower left. The positioning may need adjustment.
A note about security: that is the reason I use this method when accessing financial services. I am in a cleaner-than-normal environment, and it's better organized than my normal user. Firefox/Chrome opens to a local custom home page that has only links to the services I am using. My brokerage account, for example, is only accessed this way, so I only go there from an address I know is right. This supports that method. Since that is optional, the command "firefox /home/bobf/fin.html" can be replaced with "firefox" to get a default launch.
1 — Setup new user: I'm calling him bobf
Setup the user as desired and configure Firefox with addons, etc. I also use Chromium for some things, so do that. In addition, I use mc to manage files.
An important consideration is this user's Desktop is never logged-in, so do everything now.
2 — Create a file for the sudo
Note: this assumes the user running the script is bob and the Firefox user is bobf.
Create: /etc/sudoers.d/bobf
Another note: once the file is created the best way to edit is visudo -f /etc/sudoers.d/bobf, which will ensure it is correct.
The file content:
User_Alias BOBFERS=bob
Cmnd_Alias BOBFF=/usr/local/bin/bobf-1
BOBFERS ALL=NOPASSWD: BOBFF
bobf-1 is run with sudo, but it is not the one that launches the operation.
3 — Create scripts to launch the user bobf
Create two scripts. The first sets things up and runs the second with sudo. I put the local scripts in /usr/local/bin.
I launch the first one from a panel launcher, and, that launches the second. While the bobf session is running, a fuchsia background XTerm window stays open, and, it closes with Firefox/Chrome/mc. That serves as a visual reminder—I am doing limited tasks as bobf, not general browsing.
The first script. Name:
/usr/local/bin/bobf-0
Containing (long line):
#!/bin/sh
xhost local:bobf; xterm -title bobf_ff1 -display $DISPLAY -geom 25x3+0+730 -bg fuchsia -e "sudo bobf-1" &
# end bobf-0
The second script. Name:
/usr/local/bin/bobf-1
Containing:
#!/bin/sh
su - bobf
# end bobf-1
Make both scripts executable, -0 by everyone, and, -1 by root. Alternatively, make -0 executable by bob only, or, maybe by a group.
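The `xhost local:bobf` call in bobf-0 is worth checking after a session. The following is an added example, not part of the original post: it reads an `xhost` listing and reports whether X access is limited to the named user. It assumes xhost's listing format, in which a `local:` grant (a family with a single, empty name) appears as `LOCAL:` and covers every local connection, while `SI:localuser:NAME` names one account; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: classify the entries of an `xhost` listing read from stdin.
# classify_xhost USER -> 0 if USER is granted by name and nothing broader is,
#                        1 if a broad grant is present,
#                        2 if USER has no grant of their own.
classify_xhost() {
    user=$1; named=0; broad=0
    while IFS= read -r line; do
        case $line in
            "access control enabled"*) ;;
            "access control disabled"*)
                echo "BROAD  any client may connect"; broad=1 ;;
            LOCAL:)
                echo "BROAD  $line admits every local user"; broad=1 ;;
            "SI:localuser:$user")
                echo "OK     $line"; named=1 ;;
            SI:localuser:*)
                echo "OTHER  $line" ;;
            INET:*|INET6:*)
                echo "BROAD  $line is a network host"; broad=1 ;;
            "") ;;
            *)  echo "REVIEW $line" ;;
        esac
    done
    [ "$broad" -eq 0 ] || return 1
    [ "$named" -eq 1 ] || return 2
    return 0
}

# Constructed sample listing with a local: grant in place.
sample='access control enabled, only authorized clients can connect
LOCAL:
SI:localuser:bob'
printf '%s\n' "$sample" | classify_xhost bobf; echo "status: $?"
```

On a live session, pipe the real listing in with `xhost | classify_xhost bobf`.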
4 — Edit bobf's /home/bobf/.bash_profile
This drives XTerm to present browser choice rather than a graphical log-in. MC is not listed as a choice, but typing m will run it. Portable Firefox is also not listed, use p to run it. You can ctrl-c out to a bobf terminal prompt, then exit to close the terminal.
Edit:
/home/bobf/.bash_profile
To the end add (long lines):
# start browser selection
# Paths point at bobf's home directory, matching /home/bobf/fin.html above.
while true; do
    read -p "Firefox, Portable, or, Chrome?" fc
    case $fc in
        [Ff]* ) export DISPLAY=:0.0; firefox /home/bobf/fin.html; exit;;
        [Cc]* ) export DISPLAY=:0.0; chromium-browser /home/bobf/fin.html; exit;;
        [Mm]* ) export DISPLAY=:0.0; xfce4-terminal --title=Bobf-MC --geometry=132x50 --execute mc; exit;;
        [Pp]* ) export DISPLAY=:0.0; /home/bobf/firefox-portable-t3/firefox-portable; exit;;
        * ) echo "F+ for Firefox or C+ for Chrome.";;
    esac
done
# end browser - file end
5 — Test time
Logged into bob's account, open a terminal, and run the script /usr/local/bin/bobf-0. Note you do not sudo this one.
[bob@home ~]$ /usr/local/bin/bobf-0
An XTerm should open in the lower left, and wait for an f or c. p and m are also available, but not mentioned. The entry can be upper or lower case.
Close the browser and the XTerm will close with it.
6 — Make sure it's secure
When the script works, make the launcher (-0) executable by everyone, and, protect the sudo script (-1) using chown/chmod to root/execute only producing:
---x------ 1 root root 157 Sep 19 2016 bobf-1
Also chattr +i the sudo script (-1):
----i--------e-- ./bobf-1
It takes double-action by root to edit the file.
/etc/sudoers.d/bobf must be root-read only, and is edited using visudo:
visudo -f /etc/sudoers.d/bobf
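The checks in this step can be scripted. The following is an added example, not part of the original post: it verifies the owner and mode of the sudoers drop-in and of bobf-1, the sudoers syntax, and the immutable flag. The file name audit-bobf.sh is hypothetical, GNU stat is assumed, and accepting mode 0440 alongside 0400 for the drop-in is an assumption.

```shell
#!/bin/sh
# Added example: audit the ownership and modes that steps 2 and 6 call for.

# check_file PATH OWNER MODE...  -> 0 if PATH is owned by OWNER and its octal
# mode is one of MODE..., 1 on a mismatch, 2 if PATH does not exist.
check_file() {
    path=$1; owner=$2; shift 2
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    have_owner=$(stat -c %U "$path")   # GNU stat: owner name
    have_mode=$(stat -c %a "$path")    # GNU stat: octal mode, e.g. 100
    if [ "$have_owner" != "$owner" ]; then
        echo "FAIL $path: owner $have_owner, expected $owner"; return 1
    fi
    for want in "$@"; do
        if [ "$have_mode" = "$want" ]; then
            echo "OK   $path: $have_owner $have_mode"; return 0
        fi
    done
    echo "FAIL $path: mode $have_mode, expected one of: $*"; return 1
}

# immutable_flag FLAGS -> 0 if an lsattr flag field such as
# "----i--------e--" has the immutable bit set.
immutable_flag() {
    case $1 in *i*) return 0 ;; *) return 1 ;; esac
}

audit_bobf() {
    rc=0
    # Assumption: 0440 (sudo's usual drop-in mode) is accepted as well as 0400.
    check_file /etc/sudoers.d/bobf root 440 400 || rc=1
    visudo -c -q -f /etc/sudoers.d/bobf || { echo "FAIL sudoers syntax"; rc=1; }
    check_file /usr/local/bin/bobf-1 root 100 || rc=1
    flags=$(lsattr -d /usr/local/bin/bobf-1 2>/dev/null | cut -d' ' -f1)
    immutable_flag "$flags" || { echo "FAIL bobf-1 is not immutable"; rc=1; }
    return $rc
}

# Run the audit as root with:  sh audit-bobf.sh --run
if [ "${1:-}" = "--run" ]; then audit_bobf; fi
```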
7 — Add user bob to bobf's group
Since files may be downloaded by bobf, permissions can be modified to make it a little easier for bob to manage the files. This is not essential, and may be done after a little use. I normally add the main user bob to group bobf.
8 — Make a launcher or menu entry
I do not launch the script from a terminal, but use either a launcher on an auto-hidden panel, or, add it to the applications menu.
In the first case, hovering the panel will pop it into view, and clicking the icon runs it. The command in the launcher is simply:
/usr/local/bin/bobf-0
Use startup notification and Run in terminal are both unchecked, and, I make my own icon.
When I add to the applications menu my method is a little complex because I add a menu category for all of my T-scripts. Keep in mind I use Xfce, I don't know about other DEs.
8a—To /home/bob/.local/share/ add the directory:
desktop-directories
8b—To that directory add the file (long line):
Scripts.directory
Containing:
[Desktop Entry]
Type=Directory
Encoding=UTF-8
Name=Scripts
Icon=more_applications_section
So, for bob the file is (long line):
/home/bob/.local/share/desktop-directories/Scripts.directory
That provides the menu category. Now for the script entry, I'm continuing to use bob as the user:
8c—Make sure the following directory exists, add if needed:
/home/bob/.local/share/applications/
8d—To that directory, add a file.
Name:
bobf-browser.desktop
Containing:
[Desktop Entry]
Categories=Scripts
Name=Bobf-browser
Type=Application
Comment=Bobf-browser
Exec=/usr/local/bin/bobf-0
Encoding=UTF-8
Icon=web-browser
Path=
Terminal=false
StartupNotify=false
8e—Add the category Scripts to the Applications Menu.
Copy the file (long lines)
/etc/xdg/menus/applications.menu
to
/home/bob/.config/menus/xfce-applications.menu
Edit bob's xfce-applications.menu, and between <Layout> and </Layout>, along with the other <Menuname>s, add
<Menuname>Scripts</Menuname>
Here's part of mine. (long lines)
...
<Separator/>
<Filename>xfce-settings-manager.desktop</Filename>
<Filename>xfce4-settings-editor.desktop</Filename>
<Separator/>
<Menuname>Scripts</Menuname>
<Separator/>
<Menuname>More Applications</Menuname>
<Menuname>Archiving</Menuname>
<Menuname>Documentation</Menuname>
<Menuname>Editors</Menuname>
...
Near the end add
<Menu>
<Name>Scripts</Name>
<Directory>Scripts.directory</Directory>
<Include>
<Or>
<Category>Scripts</Category>
</Or>
</Include>
</Menu>
I put it before the last <Menu> entry.
8f—Add a .desktop file to the local applications directory
Add the file named:
/home/bob/.local/share/applications/bobf.desktop
Containing:
[Desktop Entry]
Categories=Scripts
Type=Application
Name=Bobf-firefox
Comment=Bobf-firefox
Exec=/usr/local/bin/bobf-0
Icon=web-browser
Path=
Terminal=false
StartupNotify=false
Encoding=UTF-8
8g—Browser home page
Since the idea is to stay secure and well organized, I use a custom local home page. When the browser opens, there's the sites I handle with this ID. Here's my /home/bobf/fin.html. Note it's the page referenced in .bash_profile.
<html>
<head>
<title>Bobf's Home Page</title>
<style>
body {background-color:wheat;}
#colLeft {width:200px; margin:200px auto 0}
a {color:navy;text-decoration:none}
hr {width:75%; border:0;height:3px;background-color:teal;}
body p {font-size:32px;}
a:link {color: blue; text-decoration: underline; }
/* a:active {color: green; text-decoration: underline; }
a:hover {color: blue; text-decoration: none} */
</style>
</head>
<body>
<div id="colLeft">
<p><a href="https://investor.vanguard.com/home/">Vanguard</a></p>
<p><a href="https://trading.scottrade.com/">Scottrade</a></p>
<p><a href="https://www.bankofthewest.com/">BankOfTheWest</a></p>
</div>
</body>
</html>
That's it, the job should be complete.
Here's what it looks like in action. I am hovering the normally hidden panel on the bottom-left, which pops the icon out; the tool-tip is showing.
Click the icon and the fuchsia Xterm window opens, asking for f or c, opening the browser. Note I have a local home page with the sites I will visit.
When done, closing the Firefox window closes the Xterm window, as well. It's just like it never happened.
Creating a Portable Firefox
To create the portable Firefox, I use a script from github.com with a little modification.
The first 50 or so lines of the real script are interactive fill-ins for the location and version desired. Because the location of the downloads may change I locate the current address, and, the version info, and, fill that info in before starting. So, my version is about 40 lines shorter, and, just goes and gets the file I've already found. Here's how I start:
#!/bin/sh
# https://gist.github.com/rubo77/b999c1bc6d10ab802536
# Configure the following default variables according to your requirements
dir="/home/bob/Desktop/firefox-portable"
language="en-US" # e.g. "de" or "en-US"
application="firefox"
file="firefox-52.5.2esr.tar.bz2"
# Stop if the target directory is missing, so tar/rm/mv never run elsewhere
cd "$dir" || exit 1
tar xfj "$file"
rm "$file"
mv "$application" app
mkdir data
echo '#!/bin/sh' > "${application}-portable"
That last line is from the real script and is line 57. From there to the end is as original.