I have several 'no privilage' logins on my FreeBSD workstation that I
have made convenient for sandboxed browsing. Sometimes the browser is configured to automatically purge ALL history and cookies and data on
exit. Other times it is just so I am not tracked outside of what I do
directly on a specific service, like Slack (for work), or more recently, Twitter because Musk is buying it.
Here is how it works:
* X11 server must be listening via TCP so that you can use
export DISPLAY=:0.0
when you run stuff and it will connect
* use 'xhost +localhost' before starting the sandboxed application
(the run-as script will do this for you)
* create the scripts you see below, put them in the path
with appropriate names
* create a user for each application in which you want to run a sandbox
Each user should have your id_rsa.pub string in the
.ssh/authorized_keys file (a password prompt causes hangs
so this is a 'must' step)
* set up link buttons or menus that run something like this:
run-as-GUI luzer firefox --new-instance
http://track-me.com/
where 'luzer' is the user firefox runs under. Adjust the user name
and URL as appropriate.
It will then run firefox (or whatever) under that user name on your X11
desktop and sandbox everything that happens, including browser history,
links, plugins, whatever. You can allow script and not worry about
viruses or tracking (if you purge history) and if it poses a problem,
just delete the home dir and user and re-create it. Simple.
Here are the scripts:
run-as-GUI (you will need to adjust this for your desktop and path)
----------
#!/bin/sh
mate-terminal -x /home/my-user-name/bin/run-as $@
----------
run-as
------
!/bin/sh
if test -z "$2" ; then
echo Usage: run-as username command [arglist]
echo ""
echo This will run the specified \
'('GUI')' command via ssh as that user
echo If you do not want to be prompted for a password, set up the
echo user to allow an ssh cert to authenticate '('man ssh-keygen')'
echo ""
echo press enter key to exit
pause
exit
fi
xxx=`xhost | grep INET:localhost`
if test -z "$xxx" ; then
echo adding localhost as authorized to connect to this X server
xhost +localhost
fi
uuu="$1"
shift
ssh -f -l $uuu localhost "env DISPLAY=127.0.0.1:0.0 $@ &"
------
--
(aka 'Bombastic Bob' in case you wondered)
'Feeling with my fingers, and thinking with my brain' - me
'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)