How to run snort as a non-root user

Posted on September 7, 2008 by bodhi.zazen

Running snort as a non-root user is easy, although I did not easily find documentation.

First, create a user to run snort. In this example I will use “snort”, change the name if you wish.

adduser snort
chsh snort

enter /bin/true

passwd snort -l

    that is a small “L”

give snort permission to write to the log file :

chown -R root.snort /var/log/snort
chmod -R g+w /var/log/snort

Now add -u snort -g snort as options when you start snort :

/usr/local/bin/snort -c /etc/snort/snort.conf -i eth0 -u snort -g snort

Snort is now running as snort (rather then root).

This entry was posted in Linux. Bookmark the permalink.

2 Responses to How to run snort as a non-root user

  1. Charles says:
    March 3, 2009 at 8:39 am

    You must create the group snort (not all distros create automatically a group only for the user, but they associate it to a generic group, like ‘users’) by typng:
    groupadd snort
    usermod -G snort snort

    And the step “give snort permission to write to the log file” should be (unless you created the group before):
    chmod -R u+w /var/log/snort

  2. bodhi.zazen says:
    March 3, 2009 at 10:20 am

    Thank you for your comments Charles.

    Your comments about adding the user snort to the group snort are right on target.

    With the logs, it depends. Personally I keep the logs owned by root with snort as the group, but that is a matter of style.

    Your comments offer an alternate choice and are appreciated.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>