[Snort-users] uid question

richard csraw at ...3480...
Thu Sep 20 09:39:04 EDT 2001

I am not sure this is the correct place to ask this, but since it
relates to Snort I hope I can get some help. I am running rh7.1 and I
loaded Snort originally with an rpm, I think 1.8, and it created the
user and group id for snort so that it can run from an init script,
snortd. Well, the other day I downloaded the latest tarball and tried to
install it and I got errors that I assumed were because of the rpm
version being on here. So I uninstalled the rpm version. Well, when I did,
it also deleted the user and group for snort to run from the init
script. I created the user and group ids again. But apparently I made a
mistake, because after that everything I did as root showed up as if I
had done it as the snort user and group. It changed the perms on anything
new I did. Well, I "thought" I figured out how I goofed that up and I
recreated the user and group ids, and it looks as if I have everything
correct in /etc/passwd and /etc/shadow. I used linuxconf to verify, also
comparing the permissions for the user and group snort to my box at
home. Well, now when I run Snort from the init script it tells me, when it
logs the first packet, that there is an error and it cannot open
/var/log/snort/portscan. I have checked the permissions on the file
over and over again and it says that snort has permissions to write to
that file and ALL the files in the /var/log/snort directory. Can anyone
shed some light on what I might have done and how I can correct this?

