[Snort-users] Snort-users Digest, Vol 86, Issue 13

waldo kitty wkitty42 at ...14940...
Thu Jul 11 05:59:58 EDT 2013

On 7/11/2013 04:56, anagha b wrote:
> I solved the root access problem by changing barnyard.conf but I am still not
> getting one point that I configured snort with user anagha and I have to run
> snort as root ?
> Can anybody give solution for it .

normal users do not have access to administration or system level objects... 
they do not need it and you do not want them to have such due to security 
risks... you also do not want to run snort as root or administrator in case it 
gets compromised...

using the -u -g options does not run snort as root... you /start/ snort as root 
so it can have access to the system objects it needs to do its job and then it 
switches its user and group to those specified on the command line and runs as 
them... this is why it is recommended to set up a user specifically for snort 
(and maybe other services) that has no login capability... some systems set up a 
snort user and group specifically for snort to use... others may have a nobody 
user and group that several services use... snort might be one of those services 
along with httpd, smtpd and others... how you do this is up to you but the user 
used should not have login capabilities at all... in many cases, this is as easy 
as setting their shell to "/bin/false"...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

More information about the Snort-users mailing list