[Snort-users] Run SNORT as different user

Fyodor fygrave at ...121...
Sat Mar 2 05:38:34 EST 2002


Brian <bmc at ...950...> spoke:
> > Chroot is -t
> 
> There is also another way.  If you can make the device that pcap reads
> from readable by a user or group other than root, then you should be 
> able to run snort as that user or group.
> 
> For example, in openbsd I set my bpf device to g+rw.  This change
> allows any user in the wheel group to sniff.
> 
> crw-rw----  1 root  wheel   23,   0 Mar  2 01:31 /dev/bpf0
> 

Although for the moment such features as 'flexresp' and the similar
(which require root access to initialize) will not work. I believe these
will be fixed with snort2x design, as for now... ;-) (it could be
patched but won't look nice, and could cause some other probs with file
perms and stuff)





More information about the Snort-users mailing list