suricata: add run-as.user and run-as.group yaml var

This patch update the YAML to be able to specify the user or the group to run Suricata as: run-as: user: suri group: suri
12 years ago · fc9e0df33b
parent 961eda2108
commit fc9e0df33b
2 changed files with 18 additions and 0 deletions
--- a/src/suricata.c
+++ b/src/suricata.c
@ -1714,6 +1714,19 @@ int main(int argc, char **argv)
 	/* SIGHUP is not implemnetd on WIN32 */
    //UtilSignalHandlerSetup(SIGHUP, SignalHandlerSighup);

+    /* Try to get user/group to run suricata as if
+       command line as not decide of that */
+    if (do_setuid == FALSE && do_setgid == FALSE) {
+        char *id;
+        if (ConfGet("run-as.user", &id) == 1) {
+            do_setuid = TRUE;
+            user_name = id;
+        }
+        if (ConfGet("run-as.group", &id) == 1) {
+            do_setgid = TRUE;
+            group_name = id;
+        }
+    }
    /* Get the suricata user ID to given user ID */
    if (do_setuid == TRUE) {
        if (SCGetUserID(user_name, group_name, &userid, &groupid) != 0) {
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -32,6 +32,11 @@
 #
 #autofp-scheduler: active-packets

+# Run suricata as user and group.
+#run-as:
+#  user: suri
+#  group: suri
+
 # Default pid file.
 # Will use this file if no --pidfile in command options.
 #pid-file: /var/run/suricata.pid