Package: tcpdump Version: 4.99.0-2 Severity: normal X-Debbugs-Cc: d...@msu.edu
According to the manpage, if run as root, tcpdump switches to the tcpdump user. It's supposed to be possible to override this behavior by using the "-Z root" command line option. The following session was executed as root: ozymandias 179 # tcpdump -r /tmp/ax0.cap -Z root tcpdump: /tmp/ax0.cap: Permission denied ozymandias 180 # tcpdump -r /tmp/ax0.cap -Z tcpdump tcpdump: /tmp/ax0.cap: Permission denied ozymandias 181 # dir /tmp/ax0.cap -rw-r--r-- 1 tcpdump tcpdump 434176 jun 3 11:41 /tmp/ax0.cap Order of the "-r" and "-Z" options make no difference. If one chown's the file root:root, then tcpdump will read it. -- System Information: Debian Release: 11.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386, armhf Kernel: Linux 5.10.0-7-amd64 (SMP w/20 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=es_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages tcpdump depends on: ii adduser 3.118 ii libc6 2.31-12 ii libpcap0.8 1.10.0-2 ii libssl1.1 1.1.1k-1 tcpdump recommends no packages. Versions of packages tcpdump suggests: ii apparmor 2.13.6-10 -- no debconf information