Disable browser default password managers - Linux

This topic detail the steps to disable the default password manager in the Firefox and Chrome browsers.

Disabling the browser default password manager

Chrome

  1. Download the Google Chrome .deb or .rpm for Linux.
  2. Download the Chrome Enterprise Bundle.
  3. Unzip the Enterprise Bundle (GoogleChromeEnterpriseBundle64.zip or GoogleChromeEnterpriseBundle32.zip) and open the /Configuration folder.
  4. Make a copy of the master_preferences.json (in Chrome 91+, initial_preferences.json) and rename it managed_preferences.json.
  5. To disable Chrome's built-in password manager, add the following to managed_preferences.json

    6. "policies": {

    "PasswordManagerEnabled": false

    }

  6. If the following directories do not exist, create them:

    7. /etc/opt/chrome/policies

    /etc/opt/chrome/policies/managed

  7. Move managed_preferences.json into /etc/opt/chrome/policies/managed.
  8. As you will need to deploy these files to users machines, we recommend making sure only admins can write files in the /managed directory.

    9. chmod -R 755 /etc/opt/chrome/policies

  9. Additionally, we recommend admins should add the following to files to prevent modifications to the files themselves:

    10. chmod 644 /etc/opt/chrome/policies/managed/managed_preferences.json

  10. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
    • Google Chrome Browser
    • /etc/opt/chrome/policies/managed/managed_preferences.json

    11. For more help, refer to Google's Chrome Browser Quick Start for Linux guide.

Firefox

  1. Download Firefox for Linux.
  2. Open a terminal and navigate to the directory your download has been saved to. For example:

    3. cd ~/Downloads

  3. Extract to contents of the downloaded file:

    4. tar xjf firefox-*.tar.bz2

  4. The following commands must be executed as root, or preceded by sudo.
  5. Move the uncompressed Firefox folder to /opt:

    6. mv firefox /opt

  6. Create a symlink to the Firefox executable:

    7. ln -s /opt/firefox /usr/local/bin/firefox

  7. Download a copy of the desktop file:

    8. wget https://raw.githubusercontent.com/mozilla/sumo-kb/main/install-firefox-linux/firefox.desktop -P /usr/local/share/applications

  8. To disable Firefox's built-in password manager, add the following to policies.json:

    9. "policies": {

    "PasswordManagerEnabled": false

    }

  9. Create the following directory if it does not already exist:

    10. mkdir /opt/firefox/distribution

  10. Modify the directory with the following:

    11. chmod 755 /opt/firefox/distribution

  11. Admins should add the following to files to prevent modifications to the files themselves:

    12. chmod 644 /opt/firefox/distribution/policies.json

  12. Using your preferred software distribution or MDM tool, deploy the following to users' machines:
    • Firefox Browser
    • /distribution/policies.json

    13. For more help, refer to Firefox's policies.json Overview or Policies README on Github.