<wireshark-dev@xxxxxxxxxxxxx <mailto:wireshark-dev@wireshark.org>>
Subject: Re: [Wireshark-dev] DUMPCAP -g (Set ring buffer file group permissions)

On Dec 11, 2012, at 8:24 PM, John Powell wrote:
> Hi Jeff,
>
> I must be missing something.
>
> I set dumpcap permissions to:
>
> # ls -l /usr/local/bin/dumpcap
> -rwxr-xr-- 1 root wireshark 230157 Dec 11 10:40 /usr/local/bin/dumpcap
>
> and the dumpcap command is:
>
> root /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g wireshark -b filesize:250000 -b duration:900 -w /var/opt/data/captures.cap

After looking at the code, I think you misunderstood the -g option.
As far as I see, you can't specify the group, you can just allow the group to read the file.

So, for example:

dumpcap -w test0.pcapng

and then

dumpcap -g -w test1.pcapng

results in

[mba:~/Documents/wireshark/trunk] tuexen% ls -l test?.pcapng
-rw------- 1 tuexen staff 324 Dec 11 20:37 test0.pcapng
-rw-r----- 1 tuexen staff 532 Dec 11 20:37 test1.pcapng

So as you see, you can't specify the group, but control if the group members can read the file.

Best regards
Michael

>
> I also tried
>
> root /usr/local/bin/dumpcap -B 16 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -g -b filesize:250000 -b duration:900 -w /var/opt/data/captures.cap
>
> but the ring buffer files still end up "root root".
>
> ]# ls /var/opt/data/captures/* -l
> -rw-r----- 1 root root 111542192 Dec 11 13:19 /var/
>
> Thoughts??
>
> Any guidance will be appreciated!
>
> Thanks!
>
> -John
>
> On Tue, Dec 11, 2012 at 1:11 PM, John Powell <jrp999@xxxxxxxxx
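
The behaviour described in the reply above, as an added example that is not part of the original message and is not Wireshark's code: a file-creation mode can grant or withhold group read, but the group itself is assigned by the kernel from the creating process (or the parent directory), which is why captures written as root come out "root root". The helper name `capture_file_mode`, the `/tmp` path and the 0600/0640 modes (taken from the `ls` output in the thread) are assumptions; the third call shows that a restrictive umask removes the group-read bit again.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create one file, asking for 0640 when group_read is
 * set and 0600 otherwise (the two modes in the ls output above), under the
 * given umask. Returns the resulting permission bits, or -1 on error.
 * *gid_out receives the group the kernel assigned; no mode argument can
 * choose it. */
static int capture_file_mode(int group_read, mode_t mask, gid_t *gid_out)
{
    static int counter;            /* keeps constructed file names unique */
    char path[64];
    struct stat st;
    mode_t old_mask;
    int fd, result = -1;

    snprintf(path, sizeof path, "/tmp/capdemo-%ld-%d.pcapng",
             (long)getpid(), counter++);
    old_mask = umask(mask);
    /* O_EXCL: refuse to reuse an existing file or follow a planted symlink */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, group_read ? 0640 : 0600);
    umask(old_mask);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0) {
        result = (int)(st.st_mode & 0777);
        if (gid_out != NULL)
            *gid_out = st.st_gid;
    }
    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    gid_t gid = 0;
    printf("no -g, umask 022: %04o\n", (unsigned)capture_file_mode(0, 022, &gid));
    printf("-g,    umask 022: %04o\n", (unsigned)capture_file_mode(1, 022, &gid));
    printf("-g,    umask 077: %04o\n", (unsigned)capture_file_mode(1, 077, &gid));
    printf("file gid %ld, process egid %ld\n", (long)gid, (long)getegid());
    return 0;
}
```

On Linux, a capture directory that is group-owned by the intended group and has the setgid bit set makes new files inherit that group, so the group-read bit then applies to the intended readers.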