Locking preferences

From MozillaZine Knowledge Base
Revision as of 19:24, 9 October 2011 by Tonymec (talk | contribs) (→‎Guide)
Jump to navigationJump to search

This article describes how to prevent specific settings from being modified from inside Firefox or Mozilla Suite / SeaMonkey. This is commonly known as locking preferences.

If you're looking at a larger scale internal solution, you should consider using the Mozilla Client Customization Kit for Firefox, which supports preference locking and much more-- all packaged in an easy to use installer.

Guide

Determining settings

  • You must first determine which settings you want to lock. This can be done multiple ways:
    • A mostly complete list describing available settings can be found online on the about:config entries page.
    • Preference settings, both user-specified and default values, are displayed in the about:config window while Firefox or Mozilla Suite is running. Settings shown here are updated as you change them in the browser.
    • When the browser closes, it saves user-specified settings to the prefs.js file in the profile folder.
    • If all else fails, you can ask in the forums or on IRC.
  • Since it is commonly requested, we will use the browser proxy setting as an example. If you search for "proxy", you will eventually find the preference string for this option is "network.proxy.type". As described in the about:config entries article, the setting to use a direct connection is 0.

Creating the lock file

  • Next, create a text file, and make the first line start with double forward slashes. On the next line(s), add the preferences you want to lock. The format of these lines is similar to that found in prefs.js, except that lockPref is used instead:
 //
 lockPref("network.proxy.type", 0);
  • Save the file as mozilla.cfg in your your installation_directory (where the seamonkey, thunderbird or firefox executable is located)
  • Note: This document (like many references throughout the web) previously recommended encoding this file as ROT13. This requirement is not mandatory and can easily be circumvented when loading the lock file (see below).

Loading the lock file

Finally, you must tell the application to load the lock file. Create a new file (eg "local-settings.js") in the defaults/pref subfolder of the installation_directory.

  • Open the "local-settings.js" file in a text editor and add the following line to the bottom, which points to the newly created lock file.
 pref("general.config.obscure_value", 0);
 pref("general.config.filename", "mozilla.cfg");
  • Save the change and completely restart Firefox. Now, all of the prefs listed will be locked.
  • Notes:
  1. This document previously recommended modifying the "all.js" file in the greprefs subfolder. Doing so breaks application updates whenever all.js must be updated, more details are given in bug 448504. Furthermore (see below) in current versions the greprefs subfolder does not exist anymore, and greprefs/all.js has been renamed greprefs.js.
  2. In current versions of Firefox, Thunderbird and SeaMonkey, the file greprefs.js and the defaults/pref directory are part of the zipfile omni.jar found at top level of the installation directory. This means that your defaults/pref/local-settings.js file described above must be zipped into it again as you install every update in turn. Keep a copy of it somewhere safe, not in the installation directory tree.

Optional Steps

Hiding options

Since these settings can no longer be changed by the user, you may want to prevent them from being shown at all in the GUI. This purely cosmetic change can be done by modifying userChrome.css.

Restricting file access

A user who can modify local-settings.js can obviously remove the lock file reference and change those settings. Revoking write authority from the user for local-settings.js would prevent this. However, it should be noted that doing this may prevent the user from upgrading Firefox in the future, as new major versions may contain changes to related files (such as "all.js").

Caveats

Since it is possible to completely bypass locked preferences by running a separate version of Firefox or Mozilla Suite (or a completely different browser) from a different location, it may be necessary to restrict which programs can be run. However, at this point, it is probably a good idea to examine exactly why you are locking the preferences in the first place. If the intent is to protect users from themselves, or to keep novice users from breaking their software, then you have probably done enough. However, if you are trying to secure your network using client-side settings, then you should realize this is very difficult, and ultimately wastes too many resources. Instead, you should probably redirect your efforts to the server/router where you can fight battles that are more easily won.

Undoing

To unlock all preferences, remove the entry you added earlier from the "local-settings.js" file and completely restart Firefox or Mozilla Suite.

External links