Skip to content

Commit

Permalink
Docs: Setup directories with correct permissions
Browse files Browse the repository at this point in the history 
Documentation updated with the steps to setup the directories with
the correct permissions.
  • Loading branch information
@vagishagupta23 @inashivb
vagishagupta23 authored and inashivb committed Dec 22, 2019
1 parent 5679add commit 1640140
Showing 1 changed file with 39 additions and 4 deletions.
43 changes: 39 additions & 4 deletions doc/quickstart.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,20 +40,55 @@ Directories and Permissions
In order for ``suricata-update`` to function, the following
permissions are required:

* Directory /etc/suricata: read access
* Directory /etc/suricata: read/write access
* Directory /var/lib/suricata/rules: read/write access
* Directory /var/lib/suricata/update: read/write access

One option is to simply run ``suricata-update`` as root or with
``sudo``.

.. note:: It is recommended to create a ``suricata`` group and setup
the above directories with the correction permissions for
the above directories with the correct permissions for
the ``suricata`` group then add users to the ``suricata``
group.

More documentation will be provided about this, including a
tool to verify and maybe setup the permissions.
Steps to setup the above directories with the correct permissions:

First, create a group ``suricata``::

sudo groupadd suricata

Next, change the group of the directories and its files recursively::

sudo chgrp -R suricata /etc/suricata
sudo chgrp -R suricata /var/lib/suricata/rules
sudo chgrp -R suricata /var/lib/suricata/update

.. note:: The paths ``/etc/suricata`` and ``/var/lib`` above are used
in the default configuration and are dependent on paths set
during compilation. By default, these paths are set to
``/usr/local``.
Please check your configuration for appropriate paths.

Setup the directories with the correct permissions for the ``suricata``
group::

sudo chmod -R g+r /etc/suricata/
sudo chmod -R g+rw /var/lib/suricata/rules
sudo chmod -R g+rw /var/lib/suricata/update

Now, add user to the group::

sudo usermod -a -G suricata username

Verify whether group has been changed::

ls -al /etc/suricata
ls -al /var/lib/suricata/rules
ls -al /var/lib/suricata/update

Reboot your system. Run ``suricata-update`` without a sudo to check
if suricata-update functions.

Update Your Rules
=================
Expand Down

0 comments on commit 1640140

Please sign in to comment.