Snort mailing list archives

RE: Snort user -u/-g and permissions docs?


From: Erek Adams <erek () snort org>
Date: Mon, 25 Aug 2003 12:06:23 -0400 (EDT)

On Sat, 23 Aug 2003, Gordon Cunningham wrote:

> Sanitized for posting...   Works with root:
>
> /<path to snort>/snort -d -D -u root -g root -c /<path to conf>/snort-eth0.conf -i eth0
>
> Doesn't work with a non-su user in place of "root" above.  User has
> permissions in the paths above, plus log path and pid file path.

Right.  Makes perfect sense.

Rule #1 of working on a problem with Snort that you can't figure out:

        Remove the "-D" switch.

Rule #2 of working on a problem with Snort that you can't figure out:

        Remove the "-D" switch.

Now that that is clear....  :)

  If you remove the -D you'll see Snort actually report an error.  Try it.
:)

It's telling you that the user 'fred' (or whoever) doesn't have
permissions to read the /dev/eth0 or /dev/bpf device.

Solution, open up the perms on the device to the group that 'fred' is in,
or use a chroot jail with the appropriate devices.  Hrm...  I wonder if
you could duplicate the device with a mknod, then chown it to 'fred'?
Looks like I'll need to test that.  :)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
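
Added example, not part of the original message or of Snort itself: a check of whether the account passed to -u/-g can read a capture device node, following the permission diagnosis in the reply above. The user name and device paths (for instance a BSD-style /dev/bpf0) are supplied by the caller and are assumptions; only classic mode bits are evaluated, not ACLs.

```python
import os
import pwd
import stat
import sys


def read_access_via(mode, file_uid, file_gid, uid, gids):
    """Return the permission class that grants read access, or None.

    POSIX evaluates exactly one class: owner, else group, else other.
    An owner without the owner-read bit is denied even if the group
    bit would have allowed it.
    """
    if uid == 0:
        return "root"  # root bypasses mode-bit checks
    if uid == file_uid:
        return "owner" if mode & stat.S_IRUSR else None
    if file_gid in gids:
        return "group" if mode & stat.S_IRGRP else None
    return "other" if mode & stat.S_IROTH else None


def check_device(username, path):
    """Look up the user's uid and groups, stat the node, apply the rule."""
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    st = os.stat(path)
    via = read_access_via(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)
    return via, st


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: check_capture_perms.py USER DEVICE [DEVICE ...]")
    user = sys.argv[1]
    for path in sys.argv[2:]:
        try:
            via, st = check_device(user, path)
        except (KeyError, OSError) as exc:
            print(f"{path}: cannot check ({exc})")
            continue
        kind = "char device" if stat.S_ISCHR(st.st_mode) else "not a char device"
        perms = f"{st.st_uid}:{st.st_gid} mode {stat.S_IMODE(st.st_mode):04o}"
        verdict = f"readable via {via}" if via else "NOT readable"
        print(f"{path} ({kind}, {perms}): {verdict} by {user}")
```

A "NOT readable" result for the device is the condition the foreground run (without -D) reports as an error.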

