Package: tcpdump
Version: 4.99.0-2
Severity: normal
X-Debbugs-Cc: d...@msu.edu
According to the manpage, if run as root, tcpdump switches to the
tcpdump user. It's supposed to be possible to override this behavior
by using the "-Z root" command line option.
The following session was executed as root:
ozymandias 179 # tcpdump -r /tmp/ax0.cap -Z root
tcpdump: /tmp/ax0.cap: Permission denied
ozymandias 180 # tcpdump -r /tmp/ax0.cap -Z tcpdump
tcpdump: /tmp/ax0.cap: Permission denied
ozymandias 181 # dir /tmp/ax0.cap
-rw-r--r-- 1 tcpdump tcpdump 434176 jun 3 11:41 /tmp/ax0.cap
Order of the "-r" and "-Z" options make no difference.
If one chown's the file root:root, then tcpdump will read it.
-- System Information:
Debian Release: 11.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf
Kernel: Linux 5.10.0-7-amd64 (SMP w/20 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=es_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages tcpdump depends on:
ii adduser 3.118
ii libc6 2.31-12
ii libpcap0.8 1.10.0-2
ii libssl1.1 1.1.1k-1
tcpdump recommends no packages.
Versions of packages tcpdump suggests:
ii apparmor 2.13.6-10
-- no debconf information
