[Bro] how to run as non-root user?
Jingmin Zhou
jmzhou.ml at gmail.com
Fri Jul 15 11:54:36 PDT 2005
Hi,
I am a new user of bro, and have recently install bro 0.9a9 on a Linux
box. I have a question with bro:
I want to run bro as non-root user, and have created an account for
bro. However, when I try to start bro with bro.rc, it reports "problem
with interface eth0 - pcap_open_live: socket: Operation not
permitted". Does it mean that I need to setuid bro binary? If so, does
bro drops privilege after pcap_open? (A quick grep shows that bro does
not call setuid()).
BTW, there is a small issue with bro.rc. It calls bro with "su -l
${alternate_user_id}...". On my system, the shell of root account is
tcsh. Then when I run bro.rc from an interactive root shell, it
prompts the error as follows:
Unknown option: `-l'
Usage: tcsh [ -bcdefilmnqstvVxX ] [ argument ... ].
To fix it, either I need to change root shell to bash (which is not
preferred IMHO), or change bro.rc as "su - ${alternate_user_id}...".
Thanks!
Jingmin
More information about the Bro
mailing list