[Snort-users] Problems with PostgreSQL users permissions

Michael Steele michaels at ...9077...
Sun Mar 4 16:02:21 EST 2012


I'm trying to set up user permissions on a PostgreSQL database.

I have two databases: snort and archive.

The snort.conf is using user 'snort' to write events to the 'snort'
database, and the user 'snort' only needs to write events to the 'snort'
database.
Base is using user 'base' to manipulate the data in the 'snort' and
'archive' databases.

I'm not real sure what I need to set per user, per table. I'm using some
examples I found. However, there is a problem. In the 'GRANT UPDATE' line
below I get an error: the table 'reference_sys_ref_system_id_seq' is not
found. Looking in the database tables, that table hasn't been created.

I'm assuming the missing table is not needed?

Is the below the best way to accomplish what I'm looking to do?

snort database - snort user:
snort=# GRANT SELECT ON detail, encoding, event, reference_system, schema,
        sensor, sig_class, sig_reference, signature TO snort;
snort=# GRANT INSERT ON data, event, icmphdr, iphdr, opt, reference,
        reference_system, sensor, sig_class, sig_reference, signature, tcphdr,
        udphdr TO snort;
snort=# GRANT UPDATE ON reference_ref_id_seq,
        reference_sys_ref_system_id_seq, sensor_sid_seq, sig_class_sig_class_id_seq,
        signature_sig_id_seq TO snort;

snort database - base user:
snort=# GRANT SELECT ON detail, encoding, event, reference_system, schema,
        sensor, sig_class, sig_reference, signature TO archive;
snort=# GRANT INSERT ON data, event, icmphdr, iphdr, opt, reference,
        reference_system, sensor, sig_class, sig_reference, signature, tcphdr,
        udphdr TO archive;
snort=# GRANT UPDATE ON reference_ref_id_seq,
        reference_sys_ref_system_id_seq, sensor_sid_seq, sig_class_sig_class_id_seq,
        signature_sig_id_seq TO archive;

archive database - base user:
archive=# GRANT SELECT ON detail, encoding, event, reference_system, schema,
          sensor, sig_class, sig_reference, signature TO archive;
archive=# GRANT INSERT ON data, event, icmphdr, iphdr, opt, reference,
          reference_system, sensor, sig_class, sig_reference, signature, tcphdr,
          udphdr TO archive;
archive=# GRANT UPDATE ON reference_ref_id_seq,
          reference_sys_ref_system_id_seq, sensor_sid_seq, sig_class_sig_class_id_seq,
          signature_sig_id_seq TO archive;

Kindest regards,
Michael...
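
Added example, not part of the original post: catalog queries that show which of the sequences named in the GRANT UPDATE statement exist in the database, and what the 'snort' role can do once the grants are applied. It assumes the Snort objects live in the 'public' schema and a PostgreSQL version that provides has_sequence_privilege() (9.0 or later); the role and object names are the ones from the post.

```sql
-- Added example; run in psql as the database owner, connected to 'snort'.
-- Role and object names are taken from the post above.

-- 1. Which sequences named in the GRANT UPDATE statement exist here?
SELECT w.seq_name,
       EXISTS (SELECT 1
                 FROM pg_class c
                 JOIN pg_namespace n ON n.oid = c.relnamespace
                WHERE c.relkind = 'S'            -- 'S' = sequence
                  AND n.nspname = 'public'       -- assumption: default schema
                  AND c.relname = w.seq_name) AS exists_in_db
  FROM (VALUES ('reference_ref_id_seq'),
               ('reference_sys_ref_system_id_seq'),
               ('sensor_sid_seq'),
               ('sig_class_sig_class_id_seq'),
               ('signature_sig_id_seq')) AS w(seq_name)
 ORDER BY w.seq_name;

-- 2. Every sequence that does exist, and whether 'snort' may advance it.
--    nextval() needs USAGE or UPDATE on the sequence.
SELECT c.relname AS sequence_name,
       has_sequence_privilege('snort', c.oid, 'USAGE')  AS can_usage,
       has_sequence_privilege('snort', c.oid, 'UPDATE') AS can_update
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
 WHERE c.relkind = 'S'
   AND n.nspname = 'public'
 ORDER BY c.relname;

-- 3. Effective table privileges for 'snort', to confirm the role ends up
--    with only what the sensor needs (no DELETE, no UPDATE on tables).
SELECT c.relname AS table_name,
       has_table_privilege('snort', c.oid, 'SELECT') AS can_select,
       has_table_privilege('snort', c.oid, 'INSERT') AS can_insert,
       has_table_privilege('snort', c.oid, 'UPDATE') AS can_update,
       has_table_privilege('snort', c.oid, 'DELETE') AS can_delete
  FROM pg_class c
  JOIN pg_namespace n ON n.oid = c.relnamespace
 WHERE c.relkind = 'r'                           -- 'r' = ordinary table
   AND n.nspname = 'public'
 ORDER BY c.relname;
```

The same three queries can be repeated in the 'archive' database with the role name changed to the one BASE connects as.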




