[arch-general] [arch-dev-public] Snort UID / GID

Tino Reichardt list-arch at mcmilk.de
Sun Jul 20 04:02:18 EDT 2008

* Hugo Doria <hugodoria at gmail.com> wrote:
> The problem of using the user "nobody" is that if it is used for
> various services, and one of these is compromised it can also affect
> snort.
> IMHO, we have two options:
> 1) Create a "snort" user/group and provide a package with fewer
> privileges by default (users can change that if they want)
> 2) Run snort as "nobody" and put a message in snort.install showing
> how to change the user/group that snort runs.
> I think the first option is better.

I vote also for the first option, but we need some place, were all
uids/gids are listed. The wiki is the right place for doing that.

Snowman started in may 2008 such a list, as you can see here:

A second aproach I would prefer over the first option mentioned above is
the following:

In the PKGBUILD these two options in 3 variants:

1) user1/group1 are listed in a database of pacman:

2) user1 gets uid1, which is defined in the PKGBUILD file
   group1 is taken from database

3) user1/group2 become some random uid (ranges are set in pacman.conf)
   group2 will be set to gid2
require_group('group1:random' 'group2:gid2')

regards, TR

More information about the arch-general mailing list