Locking preferences

From MozillaZine Knowledge Base
Revision as of 17:58, 7 June 2008 by El cameleon (talk | contribs) (Add reference to the Public Fox add-ons)

This article describes how to prevent specific settings from being modified from inside Firefox or Mozilla Suite / SeaMonkey. This is commonly known as locking preferences.

If you're looking for a larger-scale internal solution, you should consider using the Mozilla Client Customization Kit for Firefox, which supports preference locking and much more, all packaged in an easy-to-use installer.

Last but not least, you can consider using the "Public Fox" add-on, which prevents users from downloading unwanted files and locks down add-ons, preferences, about:config, bookmarks, and so on with a central password.

Guide

Determining settings

  • You must first determine which settings you want to lock. This can be done in multiple ways:
    • A mostly complete list describing available settings can be found online on the about:config entries page.
    • Preference settings, both user-specified and default values, are displayed in the about:config window while Firefox or Mozilla Suite is running. Settings shown here are updated as you change them in the browser.
    • When the browser closes, it saves user-specified settings to the prefs.js file in the profile folder.
    • If all else fails, you can ask in the forums or on IRC.
  • Since it is commonly requested, we will use the browser proxy setting as an example. If you search for "proxy", you will eventually find the preference string for this option is "network.proxy.type". As described in the about:config entries article, the setting to use a direct connection is 0.

Creating the lock file

  • Next, create a text file, and make the first line start with double forward slashes. On the next line(s), add the preferences you want to lock. The format of these lines is similar to that found in prefs.js, except that lockPref is used instead:
 //
 lockPref("network.proxy.type", 0);
  • Save the file as mozilla.txt to your documents folder.
  • After this, you will need to encode the file into the lock file format (ROT13). The easiest way to do this is to use an online ROT13 encoder. Upload your mozilla.txt file, and save the resulting file as mozilla.cfg in your application folder (where the mozilla/seamonkey or firefox executable is located). Note: The lock file should look like garbled text if viewed in a normal text editor.

Loading the lock file

Finally, you must modify the all.js file. In Firefox, "all.js" is located in the greprefs subfolder of the application folder. In Mozilla Suite when installed on Windows, "all.js" is located in the greprefs subfolder of C:\Program Files\Common Files\mozilla.org\GRE\<buildID>.

  • Open the "all.js" file in a text editor and add the following line to the bottom, which points to the newly created lock file.
 pref("general.config.filename", "mozilla.cfg");
  • Save the change and completely restart Firefox. Now, all of the prefs listed will be locked.

Optional Steps

Hiding options

Since these settings can no longer be changed by the user, you may want to prevent them from being shown at all in the GUI. This purely cosmetic change can be done by modifying userChrome.css.

Restricting file access

A user who can modify all.js can obviously remove the lock file reference and change those settings. Revoking write authority from the user for all.js would prevent this. However, it should be noted that doing this may prevent the user from upgrading Firefox in the future, as new major versions may contain changes to this file.
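
The following audit script is an added example, not part of the original article. It checks that all.js still references a lock file, that the lock file exists in the application folder, and that none of these paths is writable by the user running the check. It assumes the Firefox layout described above (all.js in the greprefs subfolder); `audit_lock` and `build_sample_tree` are hypothetical names, and the sample tree is constructed.

```python
import os
import re
import tempfile

# The line this article adds to all.js; commented-out copies do not match.
CONFIG_PREF = re.compile(
    r'^\s*pref\(\s*"general\.config\.filename"\s*,\s*"([^"]+)"\s*\)\s*;', re.M)


def audit_lock(app_dir):
    """Return a list of findings; an empty list means the lock looks intact."""
    all_js = os.path.join(app_dir, "greprefs", "all.js")  # Firefox layout
    try:
        with open(all_js, encoding="utf-8", errors="replace") as fh:
            names = CONFIG_PREF.findall(fh.read())
    except OSError:
        return ["all.js not found or unreadable: " + all_js]
    if not names:
        return ["all.js does not reference a lock file"]
    findings = []
    # Assumption: when the pref appears more than once, the last line wins.
    cfg = os.path.join(app_dir, names[-1])
    if not os.path.isfile(cfg):
        findings.append("lock file missing: " + cfg)
    # Run this as the restricted user: write access to any of these paths
    # lets that user remove the reference or replace the lock file.
    for path in (all_js, os.path.dirname(all_js), cfg, app_dir):
        if os.path.exists(path) and os.access(path, os.W_OK):
            findings.append("writable by current user: " + path)
    return findings


def build_sample_tree(root, with_pref=True, with_cfg=True):
    """Create a constructed application folder for trying the audit offline."""
    os.makedirs(os.path.join(root, "greprefs"), exist_ok=True)
    with open(os.path.join(root, "greprefs", "all.js"), "w") as fh:
        fh.write('pref("browser.startup.page", 1);\n')
        if with_pref:
            fh.write('pref("general.config.filename", "mozilla.cfg");\n')
    if with_cfg:
        with open(os.path.join(root, "mozilla.cfg"), "w") as fh:
            fh.write("constructed placeholder, not a real encoded lock file\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_lock(build_sample_tree(tmp, with_cfg=False)):
            print(finding)
```

Run it from the restricted user's account rather than an administrator's, since the write-access check reflects whoever executes the script.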

Caveats

Since it is possible to completely bypass locked preferences by running a separate version of Firefox or Mozilla Suite (or a completely different browser) from a different location, it may be necessary to restrict which programs can be run. However, at this point, it is probably a good idea to examine exactly why you are locking the preferences in the first place. If the intent is to protect users from themselves, or to keep novice users from breaking their software, then you have probably done enough. However, if you are trying to secure your network using client-side settings, then you should realize this is very difficult, and ultimately wastes too many resources. Instead, you should probably redirect your efforts to the server/router where you can fight battles that are more easily won.

Undoing

To unlock all preferences, remove the entry you added earlier from the "all.js" file and completely restart Firefox or Mozilla Suite.
