[K12OSN] Lock down proxy settings and home page

Michael Paric mparic at compbizsolutions.com
Sun May 31 21:41:58 UTC 2009


The proxy,  home page and other preferences are saved in the file:

/home/<user_name>/.mozilla/firefox/<id_number>/prefs.js

What we did at our high school was to create a master prefs.js file in  
the /etc/skel/ directory that was only writable by root (but readable  
by all). Then if we needed to update the preferences (change proxy  
server, home page, etc.) we ran this simple shell script called  
prefsupdate.sh as root:

#/bin/bash
cd /home
for user in `ls -d *`
do
	DEST=`ls /home/$user/.mozilla/firefox/*/prefs.js`
	echo $DEST
	cp --preserve=mode /etc/skel/prefs.js $DEST
done

Automatically updated everyone's Firefox preferences (including proxy  
settings) but since it was not writable by user, it effectively locked  
them out of changing it. Not automatic when adding new users but  
simple and quick enough to run when you did.

Hope it helps!
--------------------------------------------------------
Michael Paric
Computer Business Solutions
707-317-6710
mparic at compbizsolutions.com
www.compbizsolutions.com


> Date: Sun, 31 May 2009 08:55:06 -0400
> From: Rob Owens <rowens at ptd.net>
> Subject: Re: [K12OSN] Lock down proxy settings and home page
> To: "Support list for open source software in schools."
> 	<k12osn at redhat.com>
> Message-ID: <20090531125506.GB7385 at aurora.owens.net>
> Content-Type: text/plain; charset=us-ascii
>
> I know that you can lock down settings in the Epiphany browser,  
> using gconf.  Users will find it very similar to Firefox.  Google  
> for "gnome lockdown".
>
> -Rob
>
> On Tue, May 26, 2009 at 10:30:08PM -0700, murrah boswell wrote:
>> Hello all,
>>
>> Does anybody know how to lock down proxy and home page settings in
>> firefox through K12LTSP EL5? I need to be able to selectively lock  
>> down
>> some workstations that will be in a "student" group so they can only
>> access certain educational sites. Access to these sites will be
>> controlled through a SquidGuard whitelist.
>>
>> I can do this fine using the login script function of Samba and  
>> Firefox
>> running on windows based workstations, and can also lock down IE.
>>
>> Locking down Firefox on windows workstation requires that I rewrite
>> (through vbs scripts pushed over at login and executed) some config  
>> files
>> under C:\Program Files\Mozilla Firefox and C:\Programs Files\Mozilla
>> Firefox\greprefs. Anybody know how to do get the same results through
>> K12LTSP EL5?
>>
>> I can force all thin client traffic through port 3128 with Squid  
>> running
>> as a transparent proxy and eliminate the need to configure client  
>> proxy
>> settings in Firefox, but I would also like to have clients  
>> authenticate
>> so I can manipulate SquidGuard based on username.
>>
>>
>> Regards,
>> Murrah Boswell
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>









More information about the K12OSN mailing list