Lock Firefox 6 Prefs (Also versions 3, 4, & 5)

In a corporate environment, it's often important to enforce Internet proxy settings for all users. Setting those options automatically is often difficult. Making them locked and immutable is even more difficult and poorly documented. Today we'll learn the basics, and from there you can customize Firefox as much or as little as you like.

The first thing to understand is how Firefox preferences work. In your browser, type the address "about:config" and press enter. After agreeing to their warning message, you should see a whole list of configuration options listed with their current settings. These settings are for your user only, but it should help you get the notion for just how many settings are possible to set.

If you're comfortable with the command line, the steps we're going to go over are quicker and easier with a terminal window, but we're going to show the GUI way so as not to exclude anyone. (If you are comfortable on the command line, you'll know how to follow the directions below without any problems)

I'm using Ubuntu 11.04 for this demonstration, but most distributions have similar setups. You might have to search a little for where preference files are stored, but the procedure will be similar. First we need to open a Nautilus window with superuser privileges. To do that, press ALT-F2, then type: gksudo nautilus and press enter.

Just click run!

Next we need to navigate the file system to the /etc/firefox directory. Depending on your version of Firefox, and your distribution, this folder and its contents might vary a bit. This is what it looks like with Ubuntu 11.04 and Firefox 6:

This might look different, you might have to edit a different file

The file we want to edit is that syspref.js file. This file might not be here for different versions, in which case you can try editing whatever .js file you find. Also files inside the pref folder are usually parsed, so you could create a .js file in there and it will probably work. Unfortunately, you'll just need to try it and see if it works.

Double click on the file, and it should open (with superuser privileges) in a text editor. You'll see this file was designed for adding custom preferences. Unfortunately, you can't lock preferences in here. Anything added to this file will be the default for new users, but you can't lock any preferences for all users. What we'll do is add a directive for another config file. In that one, we can lock prefs. You'll want to add the following to the bottom of the syspref.js file:

pref("general.config.obscure_value", 0);
pref("general.config.filename", "firefox.cfg");

Here's what my file looks like:

Anything else added will be defaults, but not immutable

Close that window and save the file. Next we need to make the firefox.cfg file we referenced. It would make sense that we'd put the file in the same folder, but sadly that's not the case. The file firefox.cfg with our locked preference settings needs to go in the /usr/lib/firefox-$VERSION/ folder. We need to replace $VERSION with the currently installed version of Firefox. That's where it gets a little confusing. If Firefox gets updated, we have to remember to move the firefox.cfg file to the new firefox-$VERSION folder. To do that, look in /usr/lib for the firefox folders that exist, and pick your current version. Here I've highlighted my current version, which is /usr/lib/firefox-6.0.

This is the most confusing part, but once you understand, it's not too bad

Once inside that folder, we need to create the lock file, which must be named whatever we called it back in the syspref.js file. In our case, we need to create a file called firefox.cfg.

Name the file firefox.cfg

Make sure to name the file "firefox.cfg" when you create it. Then double-click on the file, and we'll add our custom configuration. The preferences I'm most concerned with are Homepage Settings and Proxy Settings. Here's what goes into my firefox.cfg:

// Lock specific preferences in Firefox so that users cannot edit them
lockPref("app.update.enabled", false);
lockPref("network.proxy.http", "192.168.1.100");
lockPref("network.proxy.http_port", 3128);
lockPref("network.proxy.ssl", "192.168.1.100");
lockPref("network.proxy.ssl_port", 3128);
lockPref("network.proxy.type", 1);
lockPref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, 192.168.1.0/24");
lockPref("browser.startup.homepage", "http://www.linuxjournal.com");

Note the lockPref directive. It differs from what we put in the syspref.js file, and as you'd expect, it locks the given preference. Here's what it looks like on my system:

You can lock any preference here

All that is left is to save that file, and close the Nautilus window. (Remember, you're running Nautilus as root -- that's not something you want to do willy nilly) Now, when users start Firefox, it will use the preferences you set, regardless of any setting they might have already set. For example, if a user tries to edit the proxy settings on my system, the fields I specified are not even available to change!

Why no, you can't change your proxy setting... :)

Hopefully this tutorial can be adapted to meet your Firefox needs. The ability to lock preferences is vital in a large network. I wish the procedure was better documented, but at least it's possible. Have fun!

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

FF lockPrefs not working

Jeff Donaldson's picture

I'm having a big issue with Firefox caching. I have an Ubuntu Lucid LTSP server (fully patched) with 32 Thin Clients (Dell Optiplex GX270s). All of our student account home directories are stored on a file server and are nfs mounted on each LTSP server. The problem I'm having is that when the lab is full of students using Firefox, firefox seems to be constantly trying to cache pages to their home directories. This is driving up the disk IO on our file server dramatically which also causes load average on file server to spike and cpu going into wait states. This then trickles back down to the LTSP server also causing the load average to jump dramatically. I've been trying for a few days now to get Firefox to cache pages to /tmp locally for all users. I updated to Firefox 7, then edited the firefox.js in /etc/firefox/pref to include these lines -

pref("general.config.obscure_value", 0); (supposed to tell FF not to worry about byteshift)
pref("general.config.filename", "firefox.cfg");

I then took a customized firefox.cfg file and placed it in /usr/lib/firefox-7.0.1. If I launch firefox, I get an error that it couldn't read the configuration file. So I downloaded the mozilla 13 byteshift perl script and ran it on my cfg file. Then Firefox launches successfully, only problem is that it doesn't seem to be pulling or locking any of the preferences I set in the file (most importantly, browser.cache.parent_directory). Can anyone tell me what I'm doing wrong? Or is there a better way to set Firefox to cache locally for all users?

Easier mandatory system-wide preferences (firefox7.0.1 on natty)

Jan Groenewald's picture

This works for us:

0 jan@muizenberg:/var/autofs/misc/home/jan$cat /etc/firefox/syspref.js
// This file can be used to configure global preferences for Firefox
// Example: Homepage
//pref("browser.startup.homepage", "http://www.weebls-stuff.com/wab/");

// Following added for on-site NFS desktops at http://www.aims.ac.za
// Mandatory settings
lockPref("browser.cache.disk.capacity", 0);
lockPref("browser.cache.disk.smart_size.enabled", false);
0 jan@muizenberg:/var/autofs/misc/home/jan$firefox --version
Mozilla Firefox 7.0.1

No need for the cfg and re-doing it every time firefox upgrades!

good article

live tv online's picture

it is new for me..thanks
http://streaming-net.blogspot.com

re: Lock Firefox 6 Prefs

old method's picture

Did newer firefox versions do away with the byteshift requirement? Older versions required a byteshift 13 on the mozilla.cfg file.

Older method summary requiring byteshift:
lock firefox about:config settings

0. Open firefox about:config and make any changes that you wish to be permanent or unchangeable and then close firefox. Note the entries you wish to lock.
1. Copy mozilla prefs.js(about:config settings file) to a file named config.txt(or whatever)
2. Edit the config.txt leaving only those prefs you wish to lock or prevent users from editing. about:support shows some about:config changed settings.
3. Replace each instance of "user_pref" starting each line with "lockPref"
4. See
http://alain.knaff.lu/howto/MozillaCustomization/mozilla.cfg.txt

//BEGIN CE prefs
try {

lockPref("browser.startup.homepage", "http://www.companyname.com");
lockPref("anothername", "another-value");
lockPref("anothername", "another-value");
lockPref("anothername", "another-value");
...and so on...

}

catch(e) {
displayError("Test", e);
}

5. Note the config file must start with //, or else it's not recognized by Mozilla. "//" is also the javascript comment syntax.

6. Use the byteshift script available below to byteshift 13 the config file. i.e.:

perl moz-byteshift.pl -s 13 < config.txt > mozilla.cfg

(netscape uses byteshift 7 but the process is similar)

7. Navigate to your firefox application directory where the firefox binary is located.

8. Open the ./greprefs/all.js file(path_to_firefox/greprefs/all.js) and add the following line:

pref("general.config.filename", "mozilla.cfg");

(adjust as needed if you named your mozilla.cfg file something else)

9. copy newly created mozilla.cfg to same location as the firefox binary(path_to_firefox/)
10. Start firefox and test. Settings specified in the original config.txt file should be locked from changes and override any user set changes.

Above summary steps obtained from these sources:
http://ilias.ca/blog/2005/03/locking-mozilla-firefox-settings/
https://developer.mozilla.org/en/Automatic_Mozilla_Configurator/Locked_c...
https://developer.mozilla.org/En/A_Brief_Guide_to_Mozilla_Preferences
http://blog.enrii.com/2006/11/07/lock-firefox-preferences/
http://linux.derkeiler.com/Mailing-Lists/SuSE/2004-07/2722.html

# Download moz-byteshift.pl from
http://alain.knaff.lu/howto/MozillaCustomization/moz-byteshift.pl

# Encode the new preferences file with this command:
perl moz-byteshift.pl -s 13 mozilla.cfg

sample config file at:
http://alain.knaff.lu/howto/MozillaCustomization/mozilla.cfg.txt

Yes!

Shawn Powers's picture

Thankfully, from what I can tell, that crazy byteshift stuff is gone. I still add the directive to my file that supposedly nullifies it anyway, in case it's some obscure option during the compile:

pref("general.config.obscure_value", 0);

In fact, in earlier versions of Firefox, I never even bothered trying to make it work, I just used the CCK extension. It worked great, and I didn't have to mangle my config files.

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Addition

psyhomb's picture

One small addition, if you add this line

lockPref("network.proxy.share_proxy_settings", true);

in firefox.cfg you will also lock "Use this proxy server for all protocols" checkbox.

Great article
Thank you very much

Strange

Shawn Powers's picture

What is really strange, is that at least in FF3, while that setting seems to hold -- it doesn't honor it. It took me MONTHS to figure out what was going on, but my client computers were not using the proxy for SSL traffic, even though I had that preference locked.

You are absolutely correct in that the setting is for that checkbox, but after that issue last year, I just manually put all the options in. (In fact, in my actual setup I also specify FTP and streaming)

So the short reply: Yes, you are correct. Just test to make sure it works. :)

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState