Bug #2058 (closed)
Suricata unable to remove PID file when privileges are dropped
Description
The PID file is written out before privileges are dropped, which makes Suricata unable to remove it at exit as the file is owned by root.
I'm not sure what the best approach is to fix it. Either:
- Delay writing of the pid file to PreRunPostPrivsDropInit, but still do the pid file check in the current place.
- Or keep pid file creation in its current spot and chown it to the user/group that Suricata is requested to run as.
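A sketch of the second option from the report, as an added example that is not Suricata's code: the PID file is created while still privileged and handed to the run-as account through its descriptor. The function names and the `/tmp` path are hypothetical, and the usual existing-PID-file check is assumed to have run already; note that `unlink()` also needs write access to the containing directory (or file ownership inside a sticky directory), which `fchown()` alone does not grant.

```c
/* Added example; helper names are hypothetical, not Suricata functions. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create the PID file before privileges are dropped, then give it to the
 * account the daemon will run as. Returns 0 on success, -1 on error. */
int pidfile_create_for(const char *path, pid_t pid, uid_t run_uid, gid_t run_gid)
{
    char buf[32];
    /* O_EXCL: fail if the path already exists, including when it is a
     * symlink, so a privileged process never writes through a planted link. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    int len = snprintf(buf, sizeof(buf), "%ld\n", (long)pid);
    /* fchown() on the descriptor rather than chown() on the path: the file
     * whose owner changes is exactly the one just created. */
    if (write(fd, buf, (size_t)len) != len || fchown(fd, run_uid, run_gid) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Called at exit, after privileges were dropped. Refuses anything that is
 * not a regular file owned by the current effective user. */
int pidfile_remove(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid())
        return -1;
    return unlink(path);
}

int main(void)
{
    char path[64]; /* constructed sample path */
    snprintf(path, sizeof(path), "/tmp/example_%ld.pid", (long)getpid());
    /* A daemon would pass the run-as uid/gid here and drop privileges
     * (setgid, then setuid) between the two calls. */
    if (pidfile_create_for(path, getpid(), getuid(), getgid()) != 0)
        return 1;
    return pidfile_remove(path) == 0 ? 0 : 1;
}
```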