Exploits when running as a limited user can have little effect on the OS generally speaking.
To be honest I am more concerned with the files which I, as user, have R/W access to.
They are the files that are important to me. The OS itself I can install in about 30 mins. Some of those media files I have stored would take much longer to replace ...... from backups etc etc.
So, I have been considering isolating my on-line browsing for instance, so that my user files would not be open to abuse should some insecurity occur in the browser in the future. Yes it is unlikely that I would be the one to get hit if it did, but someone has to ...
So the idea is to create a new user especially for browsing (in this case) and to allow me to run Firefox as that new user. Seemed simple at the outset, but like all simple ideas it soon got a little complicated .... for me .... mostly because I did not know what I was doing.
I read this post about a similar setup in Gentoo, from a little time back, but had no success unfortunately in PCLOS .... http://calum.org/posts/running-firefox-as-another-user-using-sudo
I will outline what I did first so that you are with me ....
I created a new user ....... username: browser
and no password.
I created a new menu entry - called SafeFirefox - (yes I was being optimistic)
I then added the few lines to the sudoers file to enable firefox to be launched and run in the other user account. Those lines were copied from the linked page above and edited to reflect my machine and user.
I launched Firefox in the new account to create a new profile for it.
OK, so now I have a new SafeFirefox launch menu item in my main account, which looks like this
sudo -u browser -H firefox
I appear to be missing something or have something done in error.
After selecting to run the new entry in a terminal and giving it the --noclose option I can see the following in the terminal when I try to run SafeFirefox
No protocol specified
No protocol specified
Error: cannot open display: :0.0
If anyone has any ideas where I went wrong I would be grateful for a pointer.
Alternatively, of course, if there is an easier method of running Firefox as a different user from my account (so that Firefox or anything connected with it can have no access to my account and files), please explain what it is.
The simpler the better
The simplest method I tried got hung up with Firefox trying unsuccessfully to access my /tmp directory and not the other user's /tmp
So it really has to run in the other user's environment ..... saving files/downloads etc etc to the other account by default.
Hopefully someone will be able to point out where I am going wrong .......
Thanks for reading.
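
Added example, not part of the original post: "No protocol specified" followed by "cannot open display" is what an X client prints when the X server refuses the connection because the connecting account holds no authorisation for that display. The sketch below assumes a local X server, the xhost utility and the "browser" account from the post; the function names and the sample xhost listing are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumed: account "browser" (from the post), a local X server,
# and xhost(1) installed. Function names are hypothetical.
BROWSER_USER="browser"

# Constructed sample of `xhost` output after the per-user grant has been made.
SAMPLE_XHOST='access control enabled, only authorized clients can connect
SI:localuser:browser'

# Classify captured launcher output.
diagnose() {
    case "$1" in
        *"No protocol specified"*"cannot open display"*) echo "x11-auth-denied" ;;
        *"cannot open display"*)                         echo "display-unreachable" ;;
        *)                                               echo "unknown" ;;
    esac
}

# True if the xhost listing ($1) already grants local user $2.
has_grant() {
    printf '%s\n' "$1" | grep -qixF "SI:localuser:$2"
}

# Grant only this one local user (never a bare "xhost +", which switches
# access control off), then start Firefox with the other account's HOME.
# Note: any client admitted to the display shares it with the other windows
# there, so this separates file access, not the X session itself.
safe_firefox() {
    has_grant "$(xhost)" "$BROWSER_USER" ||
        xhost "+SI:localuser:$BROWSER_USER" >/dev/null
    sudo -u "$BROWSER_USER" -H firefox "$@"
}

# Launch only when asked, so the file can also be sourced.
if [ "${1:-}" = "--launch" ]; then
    shift
    safe_firefox "$@"
fi
```

The grant lasts for the current X session only; `xhost -SI:localuser:browser` withdraws it.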