ARGUS_SETUSER_ID works?

Peter Volkov pva at gentoo.org
Mon Jun 14 15:49:49 EDT 2010


Hi Carter. I'm having difficulty running argus as an ordinary user. The
error I receive is:

14 Jun 10 23:31:17.192650 ArgusOpenInterface: pcap_open_live vboxnet0: You don't have permission to capture on that device (socket: Operation not permitted)

From the debug output it looks like argus first drops privileges and then
tries to open the interface:

argus[27084.004764936e7f0000]: 14 Jun 10 23:31:17.178440 setArgusInterfaceStatus(1)
14 Jun 10 23:31:17.179098 started
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182332 ArgusEstablishListen(561, 0xb53a7b90) binding: any:561 family: 2
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182609 ArgusInitOutput() done

At this ^^ function, as I see it, argus drops privileges...

14 Jun 10 23:31:17.182691 started
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182721 ArgusCreatePIDFile(/var/run/argus/, argus) pidpath is /var/run/argus/
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182765 getArgusDevice() returning vboxnet0
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.182951 ArgusCreatePIDFile(0x8529e0, 0xb53a989f) returning /var/run/argus//argus.vboxnet0.0.pid
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.183012 ArgusCloneSource() returning 0x90d73010
argus[27086.10e797916e7f0000]: 14 Jun 10 23:31:17.184937 ArgusOutputProcess(0x84f770) starting
14 Jun 10 23:31:17.192650 ArgusOpenInterface: pcap_open_live vboxnet0: You don't have permission to capture on that device (socket: Operation not permitted)

...and here it fails, like it should.

argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192734 ArgusShutDown(SIGHUP)
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192769 ArgusCloseSource(0x921b6010) starting
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192824 ArgusCloseSource(0x921b6010) deleting source
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192854 ArgusCloseEvents() done
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192886 ArgusCloseModeler(0x84f2e0)
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.192912 ArgusCloseOutput() scheduling closure after 0 records
argus[27086.10e797916e7f0000]: 14 Jun 10 23:31:17.285171 ArgusOutputProcess() shuting down 0
argus[27086.10e797916e7f0000]: 14 Jun 10 23:31:17.285258 ArgusOutputProcess() exiting
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.285840 ArgusCloseOutput(0x84f770) done
14 Jun 10 23:31:17.286008 stopped
argus[27086.004764936e7f0000]: 14 Jun 10 23:31:17.286041 ArgusShutDown()

Running as root works fine.

Could you help us resolve this issue? This is argus-3.0.3.11, but
probably the same problem exists in previous argus versions too.

P.S. Attached is a patch to fix two minor typos in the configuration file. Please apply :)

Thank you in advance,
-- 
Peter.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus-3.0.3.11-argus.conf-typo.patch
Type: text/x-patch
Size: 850 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20100614/90580421/attachment.bin>
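
The ordering problem reported in the message above, shown as an added example that is not part of the original post and is not argus code: the capture descriptor is opened while the process is still privileged, and only then are privileges dropped and the drop verified. A Linux `AF_PACKET` raw socket stands in for `pcap_open_live()`; the function names and the uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <arpa/inet.h>
#include <grp.h>
#include <linux/if_ether.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: permanently become uid/gid. Returns 0 on success. */
int drop_privileges(uid_t uid, gid_t gid)
{
    int already = getuid() == uid && geteuid() == uid &&
                  getgid() == gid && getegid() == gid;
    if (!already) {
        /* Groups and gid first: after setuid() the right to change them is gone. */
        if (setgroups(0, NULL) != 0) return -1;
        if (setgid(gid) != 0) return -1;
        if (setuid(uid) != 0) return -1;
    }
    /* Verify the drop cannot be undone: regaining root must fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0)) return -1;
    return 0;
}

/* Stand-in for pcap_open_live(): this socket() call needs CAP_NET_RAW. */
int open_capture_socket(void)
{
    return socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
}

/* Open first, drop second. Permission is checked when the socket is
 * created, so the descriptor stays usable after the drop. */
int start_capture(uid_t uid, gid_t gid, int *fd_out)
{
    *fd_out = open_capture_socket();
    if (*fd_out < 0) return -1;            /* not privileged enough to open */
    if (drop_privileges(uid, gid) != 0) {  /* never keep capturing as root */
        close(*fd_out);
        *fd_out = -1;
        return -1;
    }
    return 0;
}

int main(void)
{
    int fd; /* 65534 is a constructed sample id, not a value from the post */
    if (start_capture(65534, 65534, &fd) != 0) { perror("start_capture"); return 1; }
    printf("capturing on fd %d as uid %d\n", fd, (int)getuid());
    return 0;
}
```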

