From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 6 Aug 2025 15:24:29 +0000 (+0100)
Subject: suricata-reporter: Make ownership of the socket configurable
X-Git-Tag: 0.1~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe9ea3574508300e79973c4fd3ac8488436cd552;p=suricata-reporter.git

suricata-reporter: Make ownership of the socket configurable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/suricata-reporter b/src/suricata-reporter
index a5f6968..cea8ae9 100644
--- a/src/suricata-reporter
+++ b/src/suricata-reporter
@@ -25,11 +25,13 @@ import configparser
 import datetime
 import email.message
 import email.utils
+import grp
 import json
 import logging
 import logging.handlers
 import multiprocessing
 import os
+import pwd
 import queue
 import signal
 import socket
@@ -92,6 +94,25 @@ class Reporter(object):
 		return self.config.get("DEFAULT", "socket",
 			fallback="/var/run/suricata/reporter.socket")
 
+	def get_socket_owner(self):
+		# Fetch the user/group from the configuration
+		uname = self.config.get("DEFAULT", "user", fallback="suricata")
+		gname = self.config.get("DEFAULT", "group", fallback="suricata")
+
+		# Fetch the user and group
+		try:
+			user = pwd.getpwnam(uname)
+		except KeyError:
+			user = None
+
+		try:
+			group = grp.getgrnam(gname)
+		except KeyError:
+			group = None
+
+		# Return a tuple with the desired user/group IDs
+		return (user.pw_uid if user else -1, group.gr_gid if group else -1)
+
 	def _create_socket(self):
 		"""
 			Creates a new socket to receive messages on
@@ -108,6 +129,12 @@ class Reporter(object):
 			# Terminate immediately
 			raise SystemExit(1)
 
+		# Fetch the socket owner
+		uid, gid = self.get_socket_owner()
+
+		# Adjust the ownership
+		os.chown(self.socket_path, uid, gid)
+
 		# Call something whenever we receive data on the socket
 		self.loop.add_reader(sock.fileno(), self._receive_message, sock)