[Snort-users] Log file owned by root problem

SRH-Lists giermo at ...8381...
Mon May 10 10:30:08 EDT 2004

> Hi,
> Snort seems to start fine but the problem is when the log 
> files are written the uid/gid is root/root I need them to be 
> snort/snort. My startup line is as follows,
> snort -c /etc/snort/snort_eth0/snort.conf -i eth0 -u snort -g 
> snort
> Shouldn't this output a log file with uid/gid snort/snort.
> All dirs and files are uid/gid snort/snort and anything else 
> I could think of.
> If anyone has any suggestion I would greatly appreciate them.
> Dan

snort opens the log file for writing prior to dropping privs to the
UID/GID specified on the commandline.  There is a long explanation as to
why this is, but I am not the one to explain it.

There is, however, a workaround. add a -m 022 to tell snort to use a
umask of 022 for the logfile.


More information about the Snort-users mailing list