
Wireshark-users: [Wireshark-users] Re : Re : files permissions when using dumpcap with Multiple f

From: Patrick ANAT <panat2fr@xxxxxxxx>
Date: Fri, 16 Nov 2007 13:43:11 +0000 (GMT)
setuid for a directory doesn't work on a GNU/Linux system (works on FreeBSD).
setgid works, but if the file permission is 600, the group still can't do anything.

For the second solution with version 0.99.7, there is still a problem: the ownership of the calling process of dumpcap will be "root" since wireshark is launched with "sudo wireshark". Then the file will still be owned by root. Maybe a solution will be to only use "sudo" with dumpcap but not with wireshark.

Thanks for your answer. Does anybody have another idea?


----- Original Message ----
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Thursday, 15 November 2007, 18:15:18
Subject: Re: [Wireshark-users] Re : files permissions when using dumpcap with Multiple file

You might try writing the files to a directory with the setuid or setgid bit(s)
set, along with the appropriate ownership.

In the next release (0.99.7), dumpcap will attempt to change the ownership of
capture files to that of the calling process.  This makes it possible to install
dumpcap setuid root and run Wireshark and TShark as a normal user, but it should
also work for your purposes.

Patrick ANAT wrote:
> Unfortunately umask is 022
>
> This phenomenon only occurs with the "Multiple File" option
>
> ----- Original Message ----
> From: Luis EG Ontanon <luis.ontanon@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Thursday, 15 November 2007, 17:15:37
> Subject: Re: [Wireshark-users] files permissions when using dumpcap with
> Multiple file
>
> man umask
>
> On Nov 15, 2007 4:29 PM, Patrick ANAT <panat2fr@xxxxxxxx> wrote:
>>
>> Hello,
>>
>> I met a problem when using wireshark on Linux with "sudo".
>>
>> When using dumpcap with Multiple file (-w option), file permissions created
>> are:
>> owner: root
>> permission: 600
>>
>> Thus, users can't do anything with file created (can't ftp those files for
>> example)
>>
>> Any solution ?
>>
>> regards
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx <mailto:Wireshark-users@xxxxxxxxxxxxx>
>> http://www.wireshark.org/mailman/listinfo/wireshark-users
>>
>>
>
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan

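Added example, not part of the thread and not Wireshark code: where a dumpcap run under sudo leaves its multiple-file output owned by root with mode 600, a post-capture step run as root can hand the files to the user who invoked sudo. The function name `handback`, the `*.pcap` suffix and the 640 target mode are assumptions.

```shell
#!/bin/sh
# Added example (assumptions: function name, *.pcap suffix, mode 640).
# Run as root via sudo once the capture has stopped, e.g.:
#   handback /path/to/capture-dir

# handback DIR
# Give every regular *.pcap file in DIR to the sudo caller and make it
# owner read/write, group read-only. Prints the number of files changed.
handback() {
    dir=$1

    # sudo exports the caller's numeric ids as SUDO_UID / SUDO_GID.
    # Refuse to continue if they are missing or not purely numeric.
    case "${SUDO_UID:-}" in
        ''|*[!0-9]*) echo "handback: SUDO_UID not set" >&2; return 1 ;;
    esac
    case "${SUDO_GID:-}" in
        ''|*[!0-9]*) echo "handback: SUDO_GID not set" >&2; return 1 ;;
    esac

    count=0
    for f in "$dir"/*.pcap; do
        # Only touch regular files and never symlinks: a root-run chown or
        # chmod that follows a link planted in the capture directory would
        # change a file outside it. An unmatched glob also fails this test.
        [ -f "$f" ] && [ ! -L "$f" ] || continue

        # -h changes the entry itself rather than a link target.
        chown -h "$SUDO_UID:$SUDO_GID" "$f" || return 1
        # 640: owner rw, group r, others nothing. Captures can hold
        # credentials, so they should not be world-readable.
        chmod 640 "$f" || return 1
        count=$((count + 1))
    done
    echo "$count"
}
```

The symlink check and the chmod are separate steps, so the capture directory should be writable only by root while this runs.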