On Sun, Mar 22, 2009 at 09:06:01PM +0000, Chris Davies wrote: > cesarino vinh <cesarinovin...@gmail.com> wrote: > > I just wanted to run my browser with a different user, because it's > > safer :S > > Safer than what...? If javascript breaks out of the iceweasel sandbox, I'd like it to be in a separate user's sandbox. > > How can I do that? I'm using wright now the "gksu" - and then run as user... > > so I can't make a shell script to do that, and I don't want to modify the > > browser's executable, and I'm not in programming, but the solution is to > > write an eg. C program to launch the browser, and then set SUID bit fot that > > C app?
Then you may add a security hole somewhere in your own code. I have a separate user, dtbrowser, with the same passwd as my usual username. It has its own home directory, isn't a member of extra groups, and as soon as I got it set up but before I used it to access anything, I made a tarball of its home directory (and store it in /home). I can remove and recreate that directory any time I want. I run from the command line and get X with startx. Therefore, I have startx aliased as: alias startx='/usr/bin/startx -- :1 -dpi 100 > /dev/null 2>&1 &' Thus, I can have my normal user, and dtbrowser, both running a web browser in separate X sessions at the same time. Doug. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
