-----Original Message-----
>From: Bob Young [mailto:[EMAIL PROTECTED]
>Sent: Thursday, May 01, 2008 10:03 AM
>To: Gentoo-user List
>Subject: [gentoo-user] Wireshark won't run except as root

> I've emerged wireshark, and made myself a member of both the wireshark
> group, and the tcpdump group, but still wireshark refuses to capture
> packets if executed as a non-root user. The error message is: "Couldn't
> run dumpcap as a child process: Permission denied."
>
> A little research indicated that dumpcap should be installed suid root and
> it appears that it is, but I still can't execute it as a non-root user:
>
> I'm sure it's probably something simple that I'm unaware of or not seeing
> for some reason. Can anybody point out what I'm doing wrong?
>
> Thanks,
> Bob Young
> San Jose, CA.

Well, a little more experimentation proved that world has to have execute permission:

[ 18:16:56 ] Thu May 01 /home/Cyor $ : su
Password:
[ 18:25:38 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
[ 18:28:52 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwxr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:28:58 ] Thu May 01 /usr/bin $ : chmod u+s ./dumpcap
[ 18:29:26 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:29:30 ] Thu May 01 /usr/bin $ : exit
exit
[ 18:29:44 ] Thu May 01 /home/Cyor $ : whoami
Cyor
[ 18:30:11 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
[ 18:30:21 ] Thu May 01 /usr/bin $ : ./dumpcap
bash: ./dumpcap: Permission denied
[ 18:30:24 ] Thu May 01 /usr/bin $ : su
Password:
[ 18:31:18 ] Thu May 01 /usr/bin $ : whoami
root
[ 18:32:03 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:32:14 ] Thu May 01 /usr/bin $ : chmod o+x ./dumpcap
[ 18:32:29 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--x 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:32:34 ] Thu May 01 /usr/bin $ : exit
exit
[ 18:32:41 ] Thu May 01 /usr/bin $ : whoami
Cyor
[ 18:32:49 ] Thu May 01 /usr/bin $ : ./dumpcap
File: /tmp/etherXXXX1wMVki
^CPackets dropped: 0

My question is: If the wireshark GROUP has execute permission to dumpcap, and user Cyor is a member of the wireshark group, why can't Cyor execute dumpcap without the execute bit for everyone being set? Doesn't this mean that the entire world (member of wireshark group or not) can execute an SUID root program? If that's the case, what's the purpose of having the wireshark group?

Note: Cyor is a member of wireshark group:

[ 18:32:55 ] Thu May 01 /usr/bin $ : cat /etc/group
root::0:root
. . .[snip]
wheel::10:root,BYoung,Cyor
wireshark:x:446:BYoung,Cyor
ntp:x:123:
tcpdump:x:447:Byoung,Cyor
+::::::

Thanks,
Bob Young
San Jose, CA
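
An added example, not part of the original message: a shell function that shows which permission class (owner, group or other) the classic mode-bit check applies for execute. The check uses the process's own group IDs (what `id -G` prints for the running shell), which are set at login, not the current contents of /etc/group. gid 446 and the modes come from the listing above; uid 1000, the other gids and the function names are constructed, and ACLs, capabilities and root's override are ignored.

```shell
#!/bin/sh
# exec_class MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints "<class>:allowed" or "<class>:denied" for an execute attempt.
# Exactly one class is consulted: owner if the uids match, else group if
# the file's gid is in the process's group set, else other.
exec_class() {
    mode=$1 fuid=$2 fgid=$3 puid=$4 pgids=$5
    # Treat MODE as octal and drop the setuid/setgid/sticky digit.
    perm=$(( 0$mode & 0777 ))
    class=other
    bit=$(( perm & 01 ))
    if [ "$puid" -eq "$fuid" ]; then
        class=owner
        bit=$(( perm & 0100 ))
    else
        for g in $pgids; do
            if [ "$g" -eq "$fgid" ]; then
                class=group
                bit=$(( perm & 010 ))
                break
            fi
        done
    fi
    if [ "$bit" -ne 0 ]; then
        echo "$class:allowed"
    else
        echo "$class:denied"
    fi
}

# check_file PATH: same check for a real file and the current process.
# Assumes GNU stat (-c format option).
check_file() {
    meta=$(stat -c '%a %u %g' "$1") || return 1
    set -- $meta
    exec_class "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Constructed cases modelled on the listing: root:wireshark (gid 446).
# Mode 4750, process group set includes 446:
exec_class 4750 0 446 1000 "1000 10 446 447"
# Mode 4750, process group set lacks 446 (e.g. shell started before the
# user was added to the group):
exec_class 4750 0 446 1000 "1000 10"
# Mode 4751 (after chmod o+x), any non-owner process:
exec_class 4751 0 446 1000 "1000 10"
```

Running `check_file /usr/bin/dumpcap` from the shell that gets "Permission denied" reports which class that shell actually falls into.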

