Locking preferences

From MozillaZine Knowledge Base
Revision as of 18:37, 31 October 2006 by Np (talk | contribs) (in house style and cat)
Jump to navigationJump to search

This article describes how to prevent specific settings from being modified from inside Firefox, or any other Mozilla-based application. This is commonly known as locking preferences.

If you're looking at a larger scale internal solution, you should consider using the Mozilla Client Customization Kit, which supports preference locking and much more-- all packaged in an easy to use installer.

Guide

Determining settings

  • You must first determine which settings you want to lock. This can be done multiple ways:
    • A mostly complete list describing available settings can be found online on the about:config entries page.
    • All user-specified settings, along with a few others, are stored in the about:config window while Firefox runs. Settings displayed here are updated as you change them in the browser.
    • When the browser closes, it saves settings to prefs.js in the profile folder.
    • If all else fails, you can ask in the forums or on IRC.
  • Since it is commonly requested, we will use the browser proxy setting as an example. If you search for "proxy", you will eventually find the pref string for this option is "network.proxy.type". As described in the about:config entries article, the setting to use a direct connection is 0.

Creating the lock file

  • Next, create a text file, and make the first line start with double forward slashes. On the next line(s), add the prefs you want to lock. The format of these lines is similar to that found in prefs.js, except that lockPref is used instead:
 //
 lockPref("network.proxy.type", 0);
  • Save the file as mozilla.txt to your documents folder.
  • After this, you will need to encode the file into the lock file format (ROT13). The easiest way to do this is to use an online ROT13 encoder. Upload your mozilla.txt file, and save the resulting file as mozilla.cfg in your application folder (where the firefox executable is located). Note: The lock file should look like garbled text if viewed in a normal text editor.

Loading the lock file

  • Finally, you must modify all.js in the greprefs subfolder of the application folder. Open this file, and add the following line to the bottom, which points to the newly created lock file.
 pref("general.config.filename", "mozilla.cfg");
  • Save the change and completely restart Firefox. Now, all of the prefs listed will be locked.

Optional Steps

Hiding options

Since these settings can no longer be changed by the user, you may want to prevent them from being shown at all in the GUI. This purely cosmetic change can be done by modifying userChrome.css.

Restricting file access

A user who can modify all.js can obviously remove the lock file reference and change those settings. Revoking write authority from the user for all.js would prevent this. However, it should be noted that doing this may prevent the user from upgrading Firefox in the future, as new major versions may contain changes to this file.

Caveats

Since it is possible to completely bypass locked prefs by running a separate version of Firefox (or a completely different browser) from a different location, it may be necessary to restrict which programs can be run. However, at this point, it is probably a good idea to examine exactly why you are locking the prefs in the first place. If the intent is to protect users from themselves, or to keep novice users from breaking their software, then you have probably done enough. However, if you are trying to secure your network using client-side settings, then you should realize this is very difficult, and ultimately wastes too many resources. Instead, you should probably redirect your efforts to the server/router where you can fight battles that are more easily won.

Undoing

To unlock all prefs, remove the entry from all.js and completely restart Firefox.