14 lines
408 B
Text
14 lines
408 B
Text
Use setresuid/gid() directly to change user and group. Otherwise
|
|
Suricata uses libcap-ng on Linux and runs as root elsewhere.
|
|
|
|
Index: src/suricata.c
|
|
--- src/suricata.c.orig
|
|
+++ src/suricata.c
|
|
@@ -2929,6 +2929,7 @@ int SuricataMain(int argc, char **argv)
|
|
|
|
PostRunStartedDetectSetup(&suricata);
|
|
|
|
+ SCSetUserID(suricata.userid, suricata.groupid);
|
|
SCPledge();
|
|
SuricataMainLoop(&suricata);
|
|
|