[arch-general] [arch-dev-public] Snort UID / GID

Hugo Doria hugodoria at gmail.com
Thu Jul 17 14:13:41 EDT 2008

The problem of using the user "nobody" is that if it is used for
various services, and one of these is compromised it can also affect

IMHO, we have two options:

1) Create a "snort" user/group and provide a package with fewer
privileges by default (users can change that if they want)
2) Run snort as "nobody" and put a message in snort.install showing
how to change the user/group that snort runs.

I think the first option is better.

-- Hugo

More information about the arch-general mailing list