Hi, I've just finished writing the following howto on locking down the configuration of mozilla. Given IE's recent troubles, and the increasing adoption of linux desktops I figure that it'll be of use to far more people than my firm. Its still an initial release, so any feedback will be gratefully recieved. Regards, Ben ----- Locking Down Mozilla and Fire* For Suse 9.1 and earlier Ben Higginbottom <benDOThigginbottomATntlworldDOTcom> (Note that this howto applies to Solaris, MacOS, Windows, BeOS and any other system capable of running moz with only a few modifications, it can also be applied to netscape browsers) This Howto has been prepared for a school I'm converting to dual boot enviroment for september. As linux was sold to them as a platform for providing access to educational programs as opposed to 'teach linux' I've had to apply to varying degrees KDE's kiosk mode developed by Waldo Bastian. However the schools default browser for the past two years has been Mozilla 1.1, and they have no desire to change other than to upgrade to the latest version. Mozilla of course is outside of the kde lockdown, so a seperate procedure is needed to stop the children from messing with proxy settings or changing their home page and so on. Obviously this can apply in a commercial enviroment as well. To begin with install mozilla and configure as desired. Mozilla's preferences are stored within the home directory under the dot directories .mozilla or .firefox/.phoenix depending on the version you use in the file prefs.js in .(mozilla/firefox)/default/(profile).slt/ Copy this file out of the directory as this is what is to be modified in order to creafe a global configuration. The contents of the file are rather self explanitory, and look something like this: //personal firefox 0.91 prefs.js //some settings changed to protect the innocent user_pref("browser.download.dir", "/home/ben/iso"); user_pref("browser.download.lastDir", "/home/ben/Documents/trinconv"); user_pref("browser.download.save_converter_index", 0); user_pref("browser.download.useDownloadDir", false); user_pref("browser.preferences.lastpanel", 0); user_pref("browser.startup.homepage", "http://www.userfriendly.org/|http://www.techcentralstation.com/"); user_pref("browser.startup.homepage_override.mstone", "rv:1.7"); user_pref("browser.tabs.autoHide", false); user_pref("browser.tabs.warnOnClose", false); user_pref("extensions.disabledObsolete", true); user_pref("extensions.lastAppVersion", "0.9"); user_pref("general.smoothScroll", true); user_pref("intl.charsetmenu.browser.cache", "UTF-8, ISO-8859-15, windows-1252"); user_pref("network.cookie.prefsMigrated", true); user_pref("network.proxy.ftp", "0.0.0.0"); user_pref("network.proxy.ftp_port", 8080); user_pref("network.proxy.http", "0.0.0.0"); user_pref("network.proxy.http_port", 8080); user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1"); user_pref("network.proxy.ssl", "0.0.0.0"); user_pref("network.proxy.ssl_port", 8080); user_pref("network.proxy.type", 1); user_pref("prefs.converted-to-utf8", true); user_pref("privacy.popups.firstTime", false); user_pref("security.OCSP.URL", ""); user_pref("security.OCSP.signingCA", "Builtin Object Token:Verisign Class 1 Public Primary OCSP Responder"); user_pref("security.warn_entering_secure", false); user_pref("security.warn_leaving_secure", false); user_pref("security.warn_submit_insecure", false); user_pref("update.app.enabled", false); user_pref("update.extensions.enabled", false); These are only a few of the options that can be set, for a full list, and the syntax you will need to use with them type about:config into your address bar. To lock a preference, just replace user_pref with LockPref, remove any user specific information and then put it into a framework, for example to lock a proxy runing on port 8008 at 192.168.10.1; the browsers homepage being http;//www.acompany.com and no bypassing the proxy only for home the result would be: try { lockPref("network.proxy.ftp", "192.168.10.1"); lockPref("network.proxy.ftp_port", 8008); lockPref("network.proxy.http", "192.168.10.1"); lockPref("network.proxy.http_port", 8008); lockPref("network.proxy.ssl", "192.168.10.1"); lockPref("network.proxy.ssl_port", 8008); lockPref("network.proxy.type", 1); lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1"); lockPref("browser.startup.homepage", "http://www.acompany.com/"); lockPref("browser.startup.homepage_override.mstone", "rv:1.7"); } catch(e){ displayError("lockedPref", e); } //Note that the try and catch are there to catch any syntax errors that might have been made Save this file with whatever name you wish; from here on it will be refered to as $filename, if you only wish a setting to be made to be a default rather than locked in, pref can be used instead of lockPref This file now needs to be encoded into a binary that mozilla can read, this can be done using a perl script called moz-byteshift.pl which can be obtained from here: http://alain.knaff.lu/howto/MozillaCustomization/moz-byteshift.pl For windows users, or anyone else who doesnt wish to install perl, there is a online encoding tool available at: <http://www.alain.knaff.lu/~aknaff/howto/MozillaCustomization/cgi/byteshf.cg i> The encoding used is a simple offset of 13 (netscape uses 7) so the command is: moz-byteshift.pl -s 13 <$filename.js> $filename.cfg The cfg file should then be stored in /opt/mozilla/lib or /opt/firefox/lib (default install locations for SuSE). Finally the line pref("general.config.filename", "$filename.cfg"); Must be added to the all.js file located in /opt/mozilla/lib/defaults/pref, this file is then called whenever mozilla is started, locked preferences will be visible, but greyed out, prefs will be in their relevant location, but editable and user_prefs will be empty. References used: Alain Knaffs Mozilla Customisation Pages http://alain.knaff.linux.lu/ The following post at seul-edu http://archives.seul.org/seul/edu/Jan-2003/msg00049.html LTSP Mozilla Lockdown HOWTO http://togami.com/~warren/guides/mozlockdown/ A Brief Guide to Mozilla Preferences http://www.mozilla.org/catalog/end-user/customizing/briefprefs.html Documentation is far from good, but contains the information needed to translate this document to another platform.