The problem with using the user "nobody" is that if it is used for
various services and one of these is compromised, it can also affect
snort.

IMHO, we have two options:

1) Create a "snort" user/group and provide a package with fewer
privileges by default (users can change that if they want)
2) Run snort as "nobody" and put a message in snort.install showing
how to change the user/group that snort runs as.

I think the first option is better.

-- Hugo
