Hi to the Suricata community,
I am running Suricata 7.0.4 on Fedora 39; it was installed as an RPM.
When running suricata-update, the rules can’t get updated if I don’t run the command as root: there is an error with the permission needed to write in /var/lib/suricata/rules.
5/4/2024 -- 21:25:11 - <Error> -- Failed to create directory /var/lib/suricata/rules: [Errno 13] Permission denied: '/var/lib/suricata/rules'
Going through the documentation step by step, I checked the other permissions (5.1.2 File System Permissions) and basically, they are as they should be, except /var/lib/suricata/rules.
The issue seemed to be the same as in this post, so I ran the commands:
sudo chmod 2770 /var/lib/suricata
sudo chown -R root:suricata /var/lib/suricata
The permissions of the /var/lib/suricata directory don’t fully reflect these commands though, as the error still occurs and the output is:
drwxrws---. 2 root suricata 4.0K Apr 5 19:57 rules
drwxrwsr-x. 4 root suricata 4.0K Apr 3 13:43 update
I thought to maybe check the attributes, and the output is:
$ sudo lsattr /var/lib/suricata
--------------e------- /var/lib/suricata/rules
--------------e------- /var/lib/suricata/update
Not sure about it; the man pages for lsattr and chattr say that “e” cannot be removed.
What can / should be done please to run suricata-update without root? Or what would be your advice on this please?
Many thanks.
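
Added example, not part of the original post and not Suricata's own code: a Python check that walks every directory on the way to /var/lib/suricata/rules and reports the first one whose classic mode bits deny a given user search or write access. The uid/gid numbers and the modes of /, /var and /var/lib are constructed assumptions; ACLs and SELinux are not evaluated.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the logic can be exercised on constructed data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")

def class_bits(st, uid, gids):
    """rwx bits (0-7) of the one permission class that applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denial(path, uid, gids, stat_fn=os.stat):
    """Return (directory, missing_right) for the first blocking directory, else None.

    Each directory on the way needs search (x); the target also needs write (w).
    Classic mode bits only: ACLs, SELinux and capabilities are not evaluated.
    """
    if uid == 0:
        return None
    parts = [p for p in path.split("/") if p]
    chain = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    for directory in chain:
        bits = class_bits(stat_fn(directory), uid, gids)
        if not bits & 1:
            return (directory, "search")
        if directory == chain[-1] and not bits & 2:
            return (directory, "write")
    return None

# Constructed sample: modes follow the post; uid/gid numbers are made up.
SURICATA_GID = 990
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var/lib": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var/lib/suricata": FakeStat(stat.S_IFDIR | 0o2770, 0, SURICATA_GID),
    "/var/lib/suricata/rules": FakeStat(stat.S_IFDIR | 0o2770, 0, SURICATA_GID),
}

if __name__ == "__main__":
    target = "/var/lib/suricata/rules"
    print("sample, not in group:", first_denial(target, 1000, {1000}, SAMPLE.__getitem__))
    print("sample, in group:    ", first_denial(target, 1000, {1000, SURICATA_GID}, SAMPLE.__getitem__))
    try:
        print("this host:", first_denial(target, os.geteuid(), set(os.getgroups()) | {os.getegid()}))
    except OSError as exc:
        print("this host: stat failed:", exc)
```

Run as the account that invokes suricata-update; the "this host" line uses that process's effective uid and group set.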