Actions
Bug #3219
closedpermission of data dir should be checked before operations
Affected Versions:
Effort:
Difficulty:
Label:
Description
When running with insufficient permissions, the default updating is kind of ok:
$ ./bin/suricata-update --suricata-conf ../suricata/suricata.yaml --suricata ../suricata/src/suricata 5/10/2019 -- 08:08:06 - <Info> -- Using data-directory /var/lib/suricata. 5/10/2019 -- 08:08:06 - <Info> -- Using /etc/suricata/rules for Suricata provided rules. 5/10/2019 -- 08:08:06 - <Info> -- Found Suricata version 5.0.0-dev at ../suricata/src/suricata. 5/10/2019 -- 08:08:06 - <Info> -- Loading ../suricata/suricata.yaml 5/10/2019 -- 08:08:06 - <Info> -- Disabling rules with proto modbus 5/10/2019 -- 08:08:06 - <Info> -- Disabling rules with proto enip 5/10/2019 -- 08:08:06 - <Info> -- Disabling rules with proto dnp3 5/10/2019 -- 08:08:06 - <Warning> -- Source index is older than 2 weeks. Please update with suricata-update update-sources. 5/10/2019 -- 08:08:06 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-5.0.0/emerging.rules.tar.gz. 100% - 2461714/2461714 5/10/2019 -- 08:08:12 - <Error> -- Failed to copy file: [Errno 13] Permission denied: u'/var/lib/suricata/update/cache/1168f1cf2d4676c8d507bbb6ea3b2078-emerging.rules.tar.gz'
Although I would have expected an error sooner, like right after
5/10/2019 -- 08:08:06 - <Info> -- Using data-directory /var/lib/suricata.
But when doing the update-sources command things get more ugly:
$ ./bin/suricata-update --suricata-conf ../suricata/suricata.yaml --suricata ../suricata/src/suricata update-sources 5/10/2019 -- 08:08:34 - <Info> -- Using data-directory /var/lib/suricata. 5/10/2019 -- 08:08:34 - <Info> -- Using /etc/suricata/rules for Suricata provided rules. 5/10/2019 -- 08:08:34 - <Info> -- Found Suricata version 5.0.0-dev at ../suricata/src/suricata. 5/10/2019 -- 08:08:34 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml Traceback (most recent call last): File "./bin/suricata-update", line 33, in <module> sys.exit(main.main()) File "/home/victor/dev/suricata-update/suricata/update/main.py", line 1512, in main sys.exit(_main()) File "/home/victor/dev/suricata-update/suricata/update/main.py", line 1285, in _main return args.func() File "/home/victor/dev/suricata-update/suricata/update/commands/updatesources.py", line 50, in update_sources with open(local_index_filename, "wb") as outobj: IOError: [Errno 13] Permission denied: u'/var/lib/suricata/update/cache/index.yaml'
Observed on 1.1.0rc1.
Actions