Re: dumpcap/tshark permissions on created pcap files

[Jaap Keuter <jaap.keuter () xs4all nl>]

But what you should do is adapt the way you capture. 

As the opening screen of Wireshark says:
“Are you a member of the ‘wireshark' group? Try running
‘usermod -a -G wireshark _your_username_’ as root”.
Then logout and login again.

From now on you can capture as you (not root), and the capture files will be created under your username.
With your users umask (0002) your files should be:
1) Owned by you
2) Accessible to others

Good luck.

> On 17 May 2018, at 07:48, luke devon via Wireshark-users <wireshark-users () wireshark org> wrote:
>
> Hi Guy , 
>
> Yes, It works. Thank you so much for the help. 
>
> Br
> Luke.
>
> On Thursday, 17 May 2018, 1:26:43 PM GMT+8, Guy Harris <guy () alum mit edu> wrote:
>
>
> On May 16, 2018, at 7:51 PM, luke devon via Wireshark-users <wireshark-users () wireshark org <mailto:wireshark-users 
> () wireshark org>> wrote:
>
> > How can I fix this ?
>
> Run
>
>     chmod o+r Test_00003_20180517095317.pcap
>
> as root to give "other" read permission on the file.
>
>
> > what is the root cause for it ?
>
>
> You ran dumpcap as root (or you ran tshark as root, and *it* ran dumpcap, so dumpcap also ran as root), so the file 
> it creates is owned by root, group root, and root probably has a umask of 0026 or 0027, so, by default, files are 
> created with group write permission, and *all* other permissions, turned off.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe