Title
#general
d

Deepak

06/16/2021, 3:01 PM
Hi #general, can anyone tell from the logs below why I could not start osqueryd at all? This just happened suddenly
theopolis

theopolis

06/17/2021, 1:36 AM
what does
ls -la /usr/bin/osqueryd
show? If osqueryd is being launched as root then that path and the folder must be owned by root and not user writable.
1:37 AM
This is a safety precaution because osquery will fork and exec itself. So to avoid a TOCTOU security bug, osquery enforces safe permissions. You can bypass this with
--allow_unsafe
but I don't recommend this.
d

Deepak

06/17/2021, 11:13 AM
I’m running it as root.
-rwxr-xr-x. 1 root root 31265080 Oct  6  2020 /usr/bin/osqueryd
Its owned by root and not writable by any user. I’ll try the --allow_unsafe as last resort
theopolis

theopolis

06/17/2021, 3:52 PM
What about
ls -la /usr/bin