[Snort-users] Log file owned by root problem
giermo at ...8381...
Mon May 10 10:30:08 EDT 2004
> Snort seems to start fine but the problem is when the log
> files are written the uid/gid is root/root I need them to be
> snort/snort. My startup line is as follows,
> snort -c /etc/snort/snort_eth0/snort.conf -i eth0 -u snort -g
> Shouldn't this output a log file with uid/gid snort/snort.
> All dirs and files are uid/gid snort/snort and anything else
> I could think of.
> If anyone has any suggestion I would greatly appreciate them.
snort opens the log file for writing prior to dropping privs to the
UID/GID specified on the commandline. There is a long explanation as to
why this is, but I am not the one to explain it.
There is, however, a workaround. add a -m 022 to tell snort to use a
umask of 022 for the logfile.
More information about the Snort-users