Bug #1837: suricata 3.0* and 3.1 fails to initialize if run-as non-root user. - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1837

closed

suricata 3.0* and 3.1 fails to initialize if run-as non-root user.

Added by kevin buchanan almost 8 years ago. Updated over 6 years ago.

Status:

Closed

Priority:

Normal

Assignee:

OISF Dev

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

OS ubuntu 14.04 LTS\
1) create a user to run-as
2) configure suricata.yaml to run-as that user.
3) start suricata as root

6/7/2016 -- 00:25:49 - <Info> - dropped the caps for main thread
6/7/2016 -- 00:25:49 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/usr/local/var/log/suricata//stats.log": Permission denied

[2]+ Exit 1 sudo ./src/suricata -c /usr/local/etc/suricata/suricata.yaml --pfring --pfring-cluster-id=1 --pfring-cluster-type=cluster_flow -v --init-errors-fatal

fix seems to be:
suricata.c: main()
RunModeDispatch(suri.run_mode, suri.runmode_custom_mode);

//move this call down a bit and all is fine.
    SCDropMainThreadCaps(suri.userid, suri.groupid);

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #1837

suricata 3.0* and 3.1 fails to initialize if run-as non-root user.

Updated by Andreas Herz almost 8 years ago

Updated by kevin buchanan almost 8 years ago

Updated by Andreas Herz almost 8 years ago

Updated by Jason Ish over 6 years ago