How to run snort as a non-root user
September 7th, 2008 by bodhi.zazen
Running snort as a non-root user is easy, although I did not easily find documentation.
First, create a user to run snort. In this example I will use “snort”; change the name if you wish.
adduser snort
chsh snort
(when chsh prompts for the new login shell, enter /bin/true)
passwd snort -l
(the option is a lowercase “L”)
Give snort permission to write to the log file:
chown -R root:snort /var/log/snort
chmod -R g+w /var/log/snort
Now add -u snort -g snort as options when you start snort:
/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort
Snort is now running as snort (rather than root).
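To confirm the privilege drop rather than assume it, the following added example (not part of the original post) reads the Uid: and Gid: lines of a Linux /proc/<pid>/status file, which each list the real, effective, saved and filesystem IDs, and passes only if all four match the snort account. The function names, the UID 118 and the GID 125 are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: check that a process fully dropped root by inspecting the
# Uid:/Gid: lines of its /proc/<pid>/status file (Linux only).
# Each line holds four IDs: real, effective, saved-set, filesystem.

# ids_match FILE KEY WANT: succeed only if all four IDs on the KEY line are WANT
ids_match() {
    awk -v key="$2:" -v want="$3" '
        $1 == key {
            found = 1
            for (i = 2; i <= 5; i++) if ($i != want) bad = 1
        }
        END { exit (found && !bad ? 0 : 1) }
    ' "$1"
}

# check_dropped FILE UID GID: print a verdict; return 0 only on a full drop
check_dropped() {
    if ids_match "$1" Uid "$2" && ids_match "$1" Gid "$3"; then
        echo "OK: all IDs are uid=$2 gid=$3"
    else
        echo "FAIL: at least one uid/gid is not $2/$3 (still root?)"
        return 1
    fi
}

# Demo on constructed status excerpts (not captured from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Name:\tsnort\nUid:\t118\t118\t118\t118\nGid:\t125\t125\t125\t125\n' > "$d/dropped"
    # Effective ID changed but real and saved IDs are still 0: root can be regained.
    printf 'Name:\tsnort\nUid:\t0\t118\t0\t118\nGid:\t125\t125\t125\t125\n' > "$d/partial"
    check_dropped "$d/dropped" 118 125
    check_dropped "$d/partial" 118 125 || true
    rm -rf "$d"
}
demo

# Against a live process (assumes pidof returns a single PID):
#   check_dropped "/proc/$(pidof snort)/status" "$(id -u snort)" "$(id -g snort)"
```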
You must create the group snort (not all distros automatically create a group only for the user, but they associate it with a generic group, like ‘users’) by typing:
groupadd snort
usermod -G snort snort
And the step “give snort permission to write to the log file” should be (unless you created the group before):
chmod -R u+w /var/log/snort
Comment by Charles — March 3, 2009 @ 8:39 am
Thank you for your comments Charles.
Your comments about adding the user snort to the group snort are right on target.
With the logs, it depends. Personally I keep the logs owned by root with snort as the group, but that is a matter of style.
Your comments offer an alternate choice and are appreciated.
Comment by bodhi.zazen — March 3, 2009 @ 10:20 am