Bug #3352

closed

incorrect permissions on /var/run/suricata when RUN_AS_USER is set

Added by Jeff Dyke about 5 years ago. Updated about 5 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

On a fresh install of Suricata 5, I am using RUN_AS_USER, and that user should own /var/run/suricata so it can create and communicate with /var/run/suricata/suricata.socket.

I have modified the init.d script in the function check_run_dir().

It is installed as:

check_run_dir() {
  if [ ! -d /var/run/suricata ]; then
    mkdir /var/run/suricata
  fi
  chmod 0755 /var/run/suricata
}

But I believe it should be:

check_run_dir() {
  if [ ! -d /var/run/suricata ]; then
    mkdir /var/run/suricata
  fi
  # I add the following modification through a configuration mgmt system
  if [ -n "$RUN_AS_USER" ]; then
    chown "$RUN_AS_USER" /var/run/suricata
  fi
  # end modification
  chmod 0755 /var/run/suricata
}

I believe it was the same in version 4.X, as I had this modification in older versions as well. I have not marked older affected versions, as I have had this fix since I first started using Suricata 4.0. Since it's so easily fixed, please feel free to change the classification.

And as always, thank you for the great software.
Jeff
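
A check for the condition this report describes, as an added example that is not part of the original report or of the Suricata init script: it verifies that the run directory is a real directory owned by the configured user and not writable by group or others. The function names `resolve_uid` and `audit_run_dir` are hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the Suricata init script).
# Assumes GNU coreutils stat(1) with -c, as found on Debian-style systems.

# resolve_uid USER: print the numeric uid for a user name or a numeric id.
resolve_uid() {
  case "$1" in
    ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # name (or empty): ask id(1)
    *)           printf '%s\n' "$1" ;;       # already numeric
  esac
}

# audit_run_dir DIR USER
# Prints one finding per line. Returns 0 only when DIR is a real directory
# (not a symlink), owned by USER, and not writable by group or others.
# Typical call: audit_run_dir /var/run/suricata "$RUN_AS_USER"
audit_run_dir() {
  dir=$1
  user=$2
  rc=0

  # A symlinked run directory would make chown/chmod act on another path.
  if [ -L "$dir" ] || [ ! -d "$dir" ]; then
    echo "FAIL: $dir is missing, not a directory, or a symlink"
    return 1
  fi

  want_uid=$(resolve_uid "$user") || {
    echo "FAIL: unknown user '$user'"
    return 1
  }
  have_uid=$(stat -c %u "$dir")
  mode=$(stat -c %a "$dir")

  # The daemon user must own the directory to create suricata.socket in it.
  if [ "$have_uid" != "$want_uid" ]; then
    echo "FAIL: $dir owned by uid $have_uid, expected uid $want_uid"
    rc=1
  fi

  # 022 = group-write and other-write bits; 0755 has neither set.
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "FAIL: $dir mode $mode is group- or world-writable"
    rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK: $dir uid=$have_uid mode=$mode"
  return "$rc"
}
```
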
