setuid for a directory doesn't work on a GNU/Linux system (works on FreeBSD).
setgid works, but if the file permission is 600, the group still can't do anything.
For the second solution with version 0.99.7, there is still a problem: the owner of the calling process of dumpcap will be "root", since wireshark is launched with "sudo wireshark". The file will then still be owned by root. Maybe a solution would be to use "sudo" only with dumpcap and not with wireshark.
Thanks for your answer. Does anybody have another idea?
----- Original Message ----
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Thursday, 15 November 2007, 18:15:18
Subject: Re: [Wireshark-users] Re : files permissions when using dumpcap with Multiple file
You might try writing the files to a directory with the setuid or setgid bit(s)
set, along with the appropriate ownership.
In the next release (0.99.7), dumpcap will attempt to change the ownership of
capture files to that of the calling process. This makes it possible to install
dumpcap setuid root and run Wireshark and TShark as a normal user, but it should
also work for your purposes.
Patrick ANAT wrote:
> Unfortunately umask is 022
>
> This phenomenon only occurs with the "Multiple File" option
>
> ----- Original Message ----
> From: Luis EG Ontanon <luis.ontanon@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Thursday, 15 November 2007, 17:15:37
> Subject: Re: [Wireshark-users] files permissions when using dumpcap with Multiple file
>
> man umask
>
> On Nov 15, 2007 4:29 PM, Patrick ANAT <panat2fr@xxxxxxxx> wrote:
>>
>> Hello,
>>
>> I met a problem when using wireshark on Linux with "sudo".
>>
>> When using dumpcap with Multiple file (-w option), file permissions created
>> are:
>> owner: root
>> permission: 600
>>
>> Thus, users can't do anything with file created (can't ftp those files for
>> example)
>>
>> Any solution ?
>>
>> regards
>>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan