Wireshark-users: Re: [Wireshark-users] dumpcap permissions - Quick help for Ubuntu newbie needed

From: "RUOFF, LARS (LARS)** CTR **" <lars.ruoff@xxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Mar 2012 09:39:10 +0100
Ok, just for completeness so it might help others too, i need to be root AND in root's home dir to caputre:

$ whoami
dummy
$ pwd
/home/dummy
$ dumpcap -w test.pcap
dumpcap: There are no interfaces on which a capture can be done
$ sudo dumpcap -w test.pcap
[sudo] password for dummy: 
The file to which the capture would be saved ("test.pcap") could not be opened: Permission denied.
$ su root
Password: 
# whoami
root
# dumpcap -w test.pcap
The file to which the capture would be saved ("test.pcap") could not be opened: Permission denied.
# cd ~
# pwd
/root
# dumpcap -w test.pcap
File: test.pcap

Packets: 38 
Packets: 76 ^C
Packets: 93 Packets dropped: 0 

Regards,
Lars

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joerg Mayer
Sent: mardi 20 mars 2012 17:33
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] dumpcap permissions - Quick help for Ubuntu newbie needed

Hello Lars,

On Tue, Mar 20, 2012 at 05:04:06PM +0100, RUOFF, LARS (LARS)** CTR ** wrote:
> On an Ubunutu 10.04, I tried to
> sudo dumpcap -w d1.pcap
> 
> which gave me:
> The file to which the capture would be saved ("d1.pcap") could not be opened: Permission denied.
> 
> according to my naive Linux knowledge, i would have expected "sudo" to give me all the necessary permissions.
> What am i missing here?

Maybe Ubuntu drops permissions once it has openend the capture devices.
So the capture devices have been opened before dropping privileges but the output files were opened after dropping privileges.  At least Debian does it like this when I call wireshark/tshark.

Ciao
  Jörg
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe