The main reason I run different instances of Firefox as different users
is *security*. If you simply run Firefox under one user with different
profiles, they all see the same file system. This is *not* what I want,
since Firefox might still have bugs that could allow nasty websites to
do damage to files, or even simply read files they shouldn't.

What I do when I run them as different users is to run each
Firefox chroot-ed to a new /root directory, and, by using "mount
--bind", each user has a "/home" directory with only its own home
directory mounted there, plus only those shared directories that are
necessary, and finally, its own "/tmp" directory. This means that the
different Firefox instances cannot even know about any files belonging
to other users (even if those files originally were world readable),
so it serves as "defense in depth" in the face of Firefox bugs.

Yes, I know that I should use kernel namespaces and fancy systemd
features, but I did this a while ago, and it would be time consuming to
convert for not a lot of gain. (Unless, perhaps, it would make it easy
to create security contexts on the fly...)

By the way, in Windows I restrict which network shares are accessible
to the different users. Also, local directories can even be restricted
beyond the users under Users (but Windows ACLs can get quite tricky to
get right).

Finally, it might be helpful to run the two radically different
versions of Firefox in different security contexts: I wouldn't be too
surprised if Quantum has more insecurities than Legacy (XUL) for some
time to come. (And I certainly would never want to run closed source
DRM-ed modules in the same context as private or sensitive data.)

P.S. In KDE, I tend to use different "workspaces" to group my Firefox
instances, as I only have a few that I keep running long term.



On Sat, 21 Apr 2018 11:23:31 -0600
Stephen Dowdy <sdo...@ucar.edu> wrote:

> My 2cents...
> 
> I'm confused by the notion that running multiple versions/profiles of
> firefox is at all difficult -- at least on linux:
> 
>     {path-to-firefox-specific-version}/firefox -P {profile-name} --class=firefox_{profile-name} -no-remote -new-instance
> 
> is all you need to run an infinite number (as much as your system can
> deal with) of versions and profiles as the user you are logged in as.
> 
> This should work platform independently, though i don't use MacOS or
> Windows much, but i'm sure i have run at least multiple profiles of
> the same firefox version on Windows just fine (i don't think the
> 'class' cmdline arg does anything on Windows, though, but that's only
> useful for advanced grouping).  (i know that Windows Registry
> probably doesn't support multiple firefox installs simultaneously
> (other than by "Channel"), but that'd be something Mozilla could Fix
> by creating Version-Dependent Registry sub-trees to avoid conflict (i
> doubt they are interested in doing that due to the low-payoff)
> 
> I usually run 3 or more profiles at once (with hundreds of windows
> and thousands of tabs concurrently).   As the "Web" has become more
> weaponized by "advertising" this gets harder and harder and more CPU
> and memory intensive, even with NoScript and the like.
> 
> The hard part is keeping it all straight.
> 
> I used to use 'showcase' to search down the tab i was looking for,
> but that's been deprecated. I now use "Tab
> Search"  ( https://addons.mozilla.org/en-US/firefox/addon/tab_search/
> ) which does a decent (though not complete) job of replacing
> 'showcase'
> 
> I also used a different theme for each profile for visual distinction
> (solid color themes work well, or, for example, if you have a
> "facebook" firefox profile, use a theme that has the "f" icon in it.
> Unfortunately, firefox makes it darn hard to identify/brand the
> visual layout with your profile name.  I used to use "Show Profile"
> to do this to insert the profile name in the window's Titlebar, but
> again, that was deprecated by the new extensions system (sigh).
> there are others (like "Crappy Firetitle", but i think that one did
> something to GLOBALLY affect ALL my profiles with its static title
> referencing (grr)). best thing Firefox offers there is
> "about:profiles" so you can wade through your dozens of profiles (for
> me, anyway), and finally come across the text "This is the profile in
> use and it cannot be deleted." to know which profile that window is
> using.
> 
> Also, the task managers for your Desktop Environment (i use KDE),
> theoretically SHOULD group your icons for each firefox individually
> based upon the X11 "class" name you specify on the command line, but
> unfortunately, KDE/Plasma's icon-only-task-manager has really sucked
> after KDE3 and fails to do this properly for me most of the time.
> 
> --stephen
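
An added example, not the poster's own script: a dry-run planner for the chroot and `mount --bind` layout described at the top of this message (one home directory under /home, a private /tmp, only the shared directories that are needed). The jail path, the directory lists, the X11 socket share, the firefox path and the user-named group are assumptions.

```shell
#!/bin/sh
# Added example: dry-run planner for a per-user Firefox chroot jail.
# Assumptions (not from the post): directory lists, jail path, firefox path,
# and a primary group named after the user.
RO_DIRS="/usr /lib /lib64 /bin /etc"   # system dirs, bound read-only
SHARED_DIRS="/tmp/.X11-unix"           # "only what is necessary": X11 socket

# Print the commands that build and enter the jail for user $1 under root $2.
jail_plan() {
    user=$1 jail=$2
    case $user in ''|*[!a-z0-9_-]*) return 2 ;; esac   # refuse odd names
    echo "mkdir -p $jail/home/$user $jail/tmp $jail/dev $jail/proc"
    echo "chmod 1777 $jail/tmp"        # private /tmp: a plain dir in the jail
    for d in $RO_DIRS; do
        echo "mkdir -p $jail$d"
        echo "mount --bind $d $jail$d"
        # a bind mount only becomes read-only after a remount
        echo "mount -o remount,bind,ro $jail$d"
    done
    for d in $SHARED_DIRS; do
        echo "mkdir -p $jail$d"
        echo "mount --bind $d $jail$d"
    done
    # Only this user's home exists under /home inside the jail.
    echo "mount --bind /home/$user $jail/home/$user"
    echo "mount --bind /dev $jail/dev"
    echo "mount -t proc proc $jail/proc"
    # Enter as the unprivileged user: root inside a chroot can break out.
    echo "chroot --userspec=$user:$user $jail /usr/bin/firefox -no-remote"
}

# Run the plan as root, stopping at the first command that fails.
jail_apply() {
    plan=$(jail_plan "$1" "$2") || return
    printf '%s\n' "$plan" | while IFS= read -r cmd; do
        sh -c "$cmd" </dev/null || exit 1
    done
}

# Print the plan when called as: script USER JAILROOT
if [ "$#" -eq 2 ]; then jail_plan "$1" "$2"; fi
```

Sharing the X11 socket puts the jailed browser on the same X server as every other client, so that share deserves the most scrutiny in this layout.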

_______________________________________________
Enterprise mailing list
Enterprise@mozilla.org
https://mail.mozilla.org/listinfo/enterprise
