[Snort-users] Run SNORT as different user
fygrave at ...121...
Sat Mar 2 05:38:34 EST 2002
Brian <bmc at ...950...> spoke:
> > Chroot is -t
> There is also another way. If you can make the device that pcap reads
> from readable by a user or group other than root, then you should be
> able to run snort as that user or group.
> For example, in openbsd I set my bpf device to g+rw. This change
> allows any user in the wheel group to sniff.
> crw-rw---- 1 root wheel 23, 0 Mar 2 01:31 /dev/bpf0
Although for the moment such features as 'flexresp' and the similar
(which require root access to initialize) will not work. I believe these
will be fixed with snort2x design, as for now... ;-) (it could be
patched but won't look nice, and could cause some other probs with file
perms and stuff)
More information about the Snort-users