Bug #1837
closed
suricata 3.0* and 3.1 fails to initialize if run-as non-root user.
Description
OS Ubuntu 14.04 LTS
1) create a user to run-as
2) configure suricata.yaml to run-as that user.
3) start suricata as root
6/7/2016 -- 00:25:49 - <Info> - dropped the caps for main thread
6/7/2016 -- 00:25:49 - <Error> - [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/usr/local/var/log/suricata//stats.log": Permission denied
[2]+ Exit 1 sudo ./src/suricata -c /usr/local/etc/suricata/suricata.yaml --pfring --pfring-cluster-id=1 --pfring-cluster-type=cluster_flow -v --init-errors-fatal
fix seems to be:
suricata.c: main()
RunModeDispatch(suri.run_mode, suri.runmode_custom_mode);
//move this call down a bit and all is fine.
SCDropMainThreadCaps(suri.userid, suri.groupid);
Updated by Andreas Herz over 8 years ago
What are the permissions on /usr/local/var/log/suricata?
Updated by kevin buchanan over 8 years ago
foobar:$ ls -al /usr/local/var/log/suricata/
total 28680
drwxrwxr-x 4 root foobar 36864 Jul 6 00:32 .
drwxr-xr-x 5 root root 4096 Mar 25 09:18 ..
drwxr-xr-x 2 root foobar 4096 Sep 7 2015 certs
drwxr-xr-x 2 root foobar 4096 Sep 7 2015 files
-rw-r--r-- 1 root root 29307293 Jul 6 18:14 stats.log
I used these instructions:
sudo mkdir -p /usr/local/var/log/suricata
sudo chown -R root:foobar /usr/local/var/log/suricata
sudo chmod -R 775 /usr/local/var/log/suricata
Thx
Updated by Andreas Herz over 8 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Jason Ish about 7 years ago
- Status changed from New to Closed
- Target version deleted (TBD)
Closing. Unable to reproduce with 4.0.3.
Please re-open if this remains an issue. And also include your suricata.yaml, or at least the "run-as" section. Thanks.
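A pre-flight check for the setup discussed in this thread, as an added example that is not part of the original report or of Suricata: it lists the log directory and the entries in it that a run-as account cannot write, which is the kind of condition that surfaces as "Permission denied" once privileges are dropped. It uses plain owner/group/other mode bits (ACLs and capabilities are ignored), and the function names are hypothetical.

```python
import os
import pwd
import stat

def ids_for(user):
    """uid and full group-id set of a local account (e.g. the run-as user)."""
    pw = pwd.getpwnam(user)
    return pw.pw_uid, set(os.getgrouplist(user, pw.pw_gid))

def can_write(st, uid, gids):
    """Classic owner/group/other write check on a stat result (no ACLs)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = st.st_mode >> 6      # owner triplet
    elif st.st_gid in gids:
        bits = st.st_mode >> 3      # group triplet
    else:
        bits = st.st_mode           # other triplet
    # Directories need search (x) as well as write to create files in them.
    need = 0o3 if stat.S_ISDIR(st.st_mode) else 0o2
    return (bits & need) == need

def unwritable_entries(log_dir, uid, gids):
    """Paths (the directory first, then its entries) that uid cannot write."""
    names = sorted(os.listdir(log_dir))
    paths = [log_dir] + [os.path.join(log_dir, n) for n in names]
    return [p for p in paths if not can_write(os.stat(p), uid, gids)]

if __name__ == "__main__":
    import tempfile
    # Constructed sample: a 775 directory holding a 644 stats.log, checked
    # for a hypothetical account that is in the group but is not the owner.
    d = tempfile.mkdtemp()
    os.chmod(d, 0o775)
    log = os.path.join(d, "stats.log")
    open(log, "w").close()
    os.chmod(log, 0o644)
    st = os.stat(log)
    print(unwritable_entries(d, st.st_uid + 1, {st.st_gid}))
    # Against a real account (names taken from the thread):
    #   unwritable_entries("/usr/local/var/log/suricata", *ids_for("foobar"))
```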