Re: [Wireshark-users] dumpcap permissions - Quick help for Ubuntu newbie needed

[Christopher Maynard <Christopher.Maynard () gtech com>]

RUOFF, LARS (LARS)** CTR ** <lars.ruoff@...> writes:

> Ok, just for completeness so it might help others too, i need to be root AND
in root's home dir to caputre:

One possible solution?
$ sudo chmod +s /path/to/dumpcap
$ ls -l /path/to/dumpcap
-rwsr-sr-x  1 root root 66040 Oct  6  2010 /path/to/dumpcap*

$ whoami
dummy
$ dumpcap -w test.pcap
File: test.pcap
Packets: 19 Packets dropped: 0
$ ls -l test.pcap
-rw-------  1 dummy users 1920 Mar 21 12:06 test.pcap

In this case, the user and group are what I would expect.

Another possible solution?
$ sudo visudo  
# Defaults specification
Defaults stay_setuid
:wq

$ sudo chmod -s /path/to/dumpcap
$ ls -l /path/to/dumpcap
-rwxr-xr-x  1 root root 66040 Oct  6  2010 /path/to/dumpcap*
$whoami
dummy
$ dumpcap -w test.pcap
File: test.pcap
Packets: 26 Packets dropped: 0
$ ls -l test.pcap
-rw-------  1 dummy root 2626 Mar 21 12:10 test.pcap

In this case, the user is what I would expect, but the group isn't.  I'm not
sure how to get the group to be "users" instead of "root".  I tried adding
preserve_groups to the sudoers file, but that didn't work.

- Chris


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe