From: Vagisha Gupta Date: Wed, 12 Jun 2019 08:21:24 +0000 (+0530) Subject: Docs: Setup directories with correct permissions X-Git-Tag: 1.2.0rc1~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16401403a51eed817ac07571c065c0c87affbc9f;p=thirdparty%2Fsuricata-update.git Docs: Setup directories with correct permissions Documentation updated with the steps to setup the directories with the correct permissions. --- diff --git a/doc/quickstart.rst b/doc/quickstart.rst index 2489a3c..c6a3bfb 100644 --- a/doc/quickstart.rst +++ b/doc/quickstart.rst @@ -40,7 +40,7 @@ Directories and Permissions In order for ``suricata-update`` to function, the following permissions are required: -* Directory /etc/suricata: read access +* Directory /etc/suricata: read/write access * Directory /var/lib/suricata/rules: read/write access * Directory /var/lib/suricata/update: read/write access 
@@ -48,12 +48,47 @@ One option is to simply run ``suricata-update`` as root or with ``sudo``. .. note:: It is recommended to create a ``suricata`` group and setup - the above directories with the correction permissions for + the above directories with the correct permissions for the ``suricata`` group then add users to the ``suricata`` group. - More documentation will be provided about this, including a - tool to verify and maybe setup the permissions. +Steps to setup the above directories with the correct permissions: + +First, create a group ``suricata``:: + + sudo groupadd suricata + +Next, change the group of the directories and its files recursively:: + + sudo chgrp -R suricata /etc/suricata + sudo chgrp -R suricata /var/lib/suricata/rules + sudo chgrp -R suricata /var/lib/suricata/update + +.. note:: The paths ``/etc/suricata`` and ``/var/lib`` above are used + in the default configuration and are dependent on paths set + during compilation. By default, these paths are set to + ``/usr/local``. + Please check your configuration for appropriate paths. + +Setup the directories with the correct permissions for the ``suricata`` +group:: + + sudo chmod -R g+r /etc/suricata/ + sudo chmod -R g+rw /var/lib/suricata/rules + sudo chmod -R g+rw /var/lib/suricata/update + +Now, add user to the group:: + + sudo usermod -a -G suricata username + +Verify whether group has been changed:: + + ls -al /etc/suricata + ls -al /var/lib/suricata/rules + ls -al /var/lib/suricata/update + +Reboot your system. Run ``suricata-update`` without a sudo to check +if suricata-update functions. Update Your Rules =================
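Review bot: In the first hunk (@@ -40,7 +40,7), the requirement for /etc/suricata becomes "read/write access", but the chmod step added in the second hunk grants the group only read there (``sudo chmod -R g+r /etc/suricata/``), so the list and the procedure disagree. Either keep the requirement at read access or change that command to ``g+rw``. If write access really is needed, say in the text why: it lets every member of the ``suricata`` group modify the contents of the configuration directory.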
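Review bot: In the second hunk (@@ -48,12 +48,47), the ``chmod -R g+rw`` commands never grant the group the search (x) bit on the directories, so the steps only work where that bit is already set. ``g+rwX`` (and ``g+rX`` for a read-only directory) would cover it. Files later created by a group member will also carry that user's primary group unless the directories are setgid, which the steps do not mention. "Reboot your system" is more than is needed for the ``usermod -a -G`` change, since group membership is picked up at the next login, and ``username`` should be marked as a placeholder. The added note's sentence "By default, these paths are set to ``/usr/local``" is ambiguous as written; it should state which prefix produces the paths used in the commands.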