Bug #3352
closed
incorrect permissions on /var/run/suricata when RUN_AS_USER is set
Description
On a fresh install of Suricata 5, I am using RUN_AS_USER, and that user should own /var/run/suricata so it can create and communicate with /var/run/suricata/suricata.socket.
I have modified the init.d script in the function check_run_dir().
It is installed as:

check_run_dir() {
    if [ ! -d /var/run/suricata ]; then
        mkdir /var/run/suricata
    fi
    chmod 0755 /var/run/suricata
}

but I believe it should be:

check_run_dir() {
    if [ ! -d /var/run/suricata ]; then
        mkdir /var/run/suricata
    fi
    # i add the following modification through a configuration mgmt system
    if [ ! -z "$RUN_AS_USER" ]; then chown $RUN_AS_USER /var/run/suricata; fi
    # end modification
    chmod 0755 /var/run/suricata
}

I believe it was the same in version 4.X, as I had this modification in older versions as well. I have not marked older affected versions as I have had this fix since I first started using Suricata 4.0. Since it's so easily fixed, please feel free to change the classification.
And as always, thank you for the great software.
Jeff
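The ownership fix described in the report above, together with a check that the result is usable by the run-as user, as an added example that is not part of the original report or the packaged init script. The function names ensure_run_dir and check_run_dir_owner and their directory/user arguments are assumptions, and GNU stat (-c) is assumed.

```shell
#!/bin/sh
# Added example (not the packaged init.d/suricata script). Function names
# and arguments are hypothetical; GNU coreutils stat is assumed.

# Create the run directory, hand it to the run-as user if one is set,
# then fix the mode. Returns non-zero on any failure.
ensure_run_dir() {
    dir=$1
    user=$2
    # Refuse a symlink so chown/chmod cannot be redirected to another path.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        mkdir "$dir" || return 1
    fi
    if [ -n "$user" ]; then
        # Fail loudly on an unknown account instead of keeping root ownership.
        id -u "$user" >/dev/null 2>&1 || { echo "unknown user: $user" >&2; return 1; }
        chown "$user" "$dir" || return 1
    fi
    chmod 0755 "$dir"
}

# Audit the directory: prints "ok" or a reason, returns 0 only for "ok".
check_run_dir_owner() {
    dir=$1
    user=$2
    [ -d "$dir" ] && [ ! -L "$dir" ] || { echo "not-a-directory"; return 1; }
    owner=$(stat -c '%U' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    # With RUN_AS_USER set, any other owner means the socket cannot be created.
    if [ -n "$user" ] && [ "$owner" != "$user" ]; then
        echo "owner-mismatch"
        return 1
    fi
    [ "$mode" = "755" ] || { echo "mode-$mode"; return 1; }
    echo "ok"
}
```

In an init script this would be called as ensure_run_dir /var/run/suricata "$RUN_AS_USER" before the daemon starts.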
Updated by Victor Julien about 5 years ago
- Target version changed from 5.0.0 to TBD
Updated by Victor Julien about 5 years ago
- Status changed from New to Feedback
- Assignee changed from OISF Dev to Jeff Dyke
Where does this init script come from? It's not in our git repo.
Updated by Victor Julien about 5 years ago
- Effort deleted (low)
- Difficulty deleted (low)
Updated by Jeff Dyke about 5 years ago
Victor Julien wrote:
Where does this init script come from? It's not in our git repo.
I noticed the same, I should have mentioned that. I'll start up a new VM and do a fresh install. This was on a new server using deb http://ppa.launchpad.net/oisf/suricata-stable/ubuntu bionic main from apt. The file that is installed has a date of Oct 15, same day as 5.0. I do have a salt state for the install but it does not install/modify the init.d file.
Thanks
Updated by Victor Julien about 5 years ago
@Peter Manev does this look like a file used in the PPA?
Updated by Peter Manev almost 5 years ago
- Assignee changed from Jeff Dyke to Peter Manev
- Target version changed from TBD to 5.0.1
The modification is done in the "init.d/suricata" script (part of the package install). Will review and push a fix today (at least in the daily/git repo).
Updated by Peter Manev almost 5 years ago
I've pushed the fix last night but wanted to confirm the packaging is ok first. The fix is in one of the test repos here - https://launchpad.net/~oisf/+archive/ubuntu/suricata-ids-ips/+packages (you can just do "add-apt-repository ppa:oisf/suricata-ids-ips ; apt-get update" to try it)
@Jeff Williams - do you mind giving it a try to confirm?
Updated by Jeff Dyke almost 5 years ago
For my purposes this is fixed, thanks for the quick update! Sorry for the late reply.
Best,
Jeff
Updated by Victor Julien almost 5 years ago
- Status changed from Feedback to Closed
- Target version changed from 5.0.1 to Packaging/PPA