$ sudo chmod +s /path/to/dumpcap
Nice! Didn't know that. Thanks Chris.
>From the alarm-red color ls now prints /path/to/dumpcap on my console I conclude there might be some security risk here ;-), but as in my case it's in an isolated lab system, it's fine for me.
Lars
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Christopher Maynard
Sent: mercredi 21 mars 2012 17:14
To: wireshark-users@xxxxxxxxxxxxx
Subject: Re: [Wireshark-users] dumpcap permissions - Quick help for Ubuntu newbie needed
RUOFF, LARS (LARS)** CTR ** <lars.ruoff@...> writes:
>
> Ok, just for completeness so it might help others too, i need to be
> root AND
in root's home dir to caputre:
One possible solution?
$ sudo chmod +s /path/to/dumpcap
$ ls -l /path/to/dumpcap
-rwsr-sr-x 1 root root 66040 Oct 6 2010 /path/to/dumpcap*
$ whoami
dummy
$ dumpcap -w test.pcap
File: test.pcap
Packets: 19 Packets dropped: 0
$ ls -l test.pcap
-rw------- 1 dummy users 1920 Mar 21 12:06 test.pcap
In this case, the user and group are what I would expect.
Another possible solution?
$ sudo visudo
# Defaults specification
Defaults stay_setuid
:wq
$ sudo chmod -s /path/to/dumpcap
$ ls -l /path/to/dumpcap
-rwxr-xr-x 1 root root 66040 Oct 6 2010 /path/to/dumpcap* $whoami dummy $ dumpcap -w test.pcap
File: test.pcap
Packets: 26 Packets dropped: 0
$ ls -l test.pcap
-rw------- 1 dummy root 2626 Mar 21 12:10 test.pcap
In this case, the user is what I would expect, but the group isn't. I'm not sure how to get the group to be "users" instead of "root". I tried adding preserve_groups to the sudoers file, but that didn't work.
- Chris
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe