the Chromium logo

The Chromium Projects

Linux Quick Start

This page describes the steps to get a managed instance of Google Chrome or Chromium up and running on Linux.

Download / Build the Browser

Depending on your network's requirements, you may either want to deploy Chromium or Google Chrome. The differences are described here.

There are several different ways to get the browser:

At the end of this process, you should have Google Chrome or Chromium installed.

Set Up Policies

The location of the policy configuration files depends on whether you are running Google Chrome or Chromium:

There are two sets of policies kept in these directories: one set that is required and mandated by an administrator, and one set that is recommended for users but not required. For Google Chrome, these two sets live at (remember that the paths differ for Chromium):

Create these directories if they do not already exist:

mkdir /etc/opt/chrome/policies
mkdir /etc/opt/chrome/policies/managed
mkdir /etc/opt/chrome/policies/recommended

Make sure that the files under /managed are not writable by non-admin users; otherwise, they could just overwrite your policies to get the configuration they want!

chmod -w /etc/opt/chrome/policies/managed

To set policies that are required, create a file named "test_policy.json" in /etc/opt/chrome/policies/managed/

touch /etc/opt/chrome/policies/managed/test_policy.json

In this file, put the following content:

{
  "ShowHomeButton": true
}

That's it! The next time you start Google Chrome on that machine, the home button next to the location bar (which is not shown by default) will be shown and locked to this value.

To see what other policies you can control, review the exhaustive list of all manageable policies.

You can spread your policies over multiple JSON files. Chrome will read and apply them all. However, you should not be setting the same policy in more than one file. If you do, it is undefined which of the values you specified prevails.

Make sure that policy JSON files under ../managed/ are not writable by just anyone! Google Chrome / Chromium gives these files higher priority, so they should only be writable by an administrator or root!

Push out the Policies and Browser

Using whatever mechanism you use to push files to clients, whether it be a utility or just a script file, push the "test_policy.json" file out to the target machines in your network. Make sure that this file exists at /etc/opt/chrome/policies/managed/ on all the target machines. You could do this simply by scp'ing the files to the target:

scp -r /etc/opt/chrome/policies adminusername@targetmachine:/etc/opt/chrome

Similarly, use whatever file-pushing utility or script to push out Google Chrome / Chromium. Whenever a user on those target machines runs Google Chrome / Chromium, it will obey the policy files you copied onto those machines.