Security: Isolated Browser eMail Programs

If you want to be more secure, on Linux you can isolate used programs on different Users! All you need is installed by default!

isolated firefox thunderbird

Howto:

  • Add a new User for eMail and Browser to the System with:

$sudo adduser mailuser
$sudo adduser webuser

  • now install if not installed by default „gksu“ User Switch

$sudo apt-get install gksu

  • copy now the default App Links to webuser’s Home Desktop, for mailuser enter mailuser’s name

$cp /usr/share/applications/firefox-esr.desktop /home/webuser/Desktop/firefox-esr.desktop

  • edit the firefox-esr.desktop by right click on nautilus or a editor and change command line:
  • old:

/usr/lib/firefox-esr/firefox-esr %u

  • to:

gksu -u webuser -w "/usr/lib/firefox-esr/firefox-esr %u"

  • save and exit
  • Now to test click on the Firefox App Link and a Password is asked! Enter the webuser password and you use Firefox on a isolated Account!
  • Do same for thunderbird eMail Client! that no bad Code can access your Emails!
  • Set the Home Folder rights for webuser and mailuser to 700 with:

$sudo chmod 700 /home/webuser
$sudo chmod 700 /home/mailuser

  • Remark: Same Technics available at Windows or other Unix Systems, alternate use VNCSERVER! a App to run Desktops inside Desktops!
  • Advantage: Programs run on isolated RAM Space!