[Snort-users] Running as unprivileged

Fyodor fygrave at ...121...
Thu Apr 19 13:26:28 EDT 2001

On Thu, Apr 19, 2001 at 09:31:52AM -0700, Jason Frey wrote:
> I am running snort as an unprivileged user and have found that the logs are still owned by root with 600 privileges.
> Is there a way to change this in the config file?

you can change umask, but I doubt you could change the owner :)

Those files are created before snort drops privelege hence the files ownership,
(I discussed this issue with you guys and got the feedback that it is not
really imprortant, so I left it like this), We could make a patch  to change
ownership explictly, but it would involve modifying either initialisation
routines of all spos or completely rewamping initialisation order (we need root
to initialize libpcap, but we need rules processing to be done before libpcap
is initialized because we need some data which is obtained during this
procedure blah blah.. of course it could be split, but I guess it is a bit of
hassle ;) 

More information about the Snort-users mailing list