On 9/16/19 4:21 PM, Michael Richardson wrote:
> Michal Ruprich <michalrupr...@gmail.com> wrote:
>     > with -C option, the manpage says "Note that when used with -Z option
>     > (enabled by default), privileges are dropped before opening first
>     > savefile." So when I run tcpdump as root like this:
>
>     > # tcpdump -n -i eth0 -s 0 -C 3 -w /opt/tcpdump%F--%T.pcap
>
>     > I immediately get a 'Permission denied' error - as expected.
>
> assuming that your username has no permissions on /opt
Actually no, the privileges are dropped every time - even when I run
tcpdump as root, the privileges are dropped before the file is created
and user tcpdump is used. But this is not the point. This behavior is
expected; my concern was about the manpage, that's all.
>
>     > Now with -G, I think that the behavior should be similar but tcpdump
>     > drops root privileges after creating the first file:
>
>     > # tcpdump -n -i eth0 -s 0 -G 3 -w /opt/tcpdump%F--%T.pcap
>
> That might be a reasonable behaviour, but it's not.
> You'd generally want to switch to a username that has write permission.
>
>     > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
>     > 262144 bytes
>     > tcpdump: /opt/tcpdump2019-09-16--07:03:32.pcap: Permission denied
>
>     > # ls /opt
>
>     > tcpdump2019-09-16--07:03:29.pcap
>
>     > So with -G I get just the first file created. -C and -G have a very
>     > similar rotation logic so perhaps the behavior should be similar as
>     > well? Or at least this could be mentioned in the manpage under -G - the
>     > fact that at least one file will be created.
>
> There are a lot of considerations around this.
> If you want to rotate files, then you need to keep permissions to write.
> I'll try to review the man page, but any updates to document what *is* would
> be welcome, even if what *is* makes little sense.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
> ]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
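
An added example, not part of the thread or of tcpdump's code: a preflight check for the situation discussed above, where the first `-G` savefile is created before privileges are dropped and every later rotation is opened as the unprivileged user. It evaluates the savefile directory's mode bits against that user's uid and groups; the function names are hypothetical, and ACLs, ancestor directories and read-only mounts are not considered.

```python
import os
import pwd
import stat
import tempfile

def ids_for(username):
    """uid and group set of the account tcpdump drops to (e.g. 'tcpdump' or the -Z user)."""
    pw = pwd.getpwnam(username)
    return pw.pw_uid, set(os.getgrouplist(username, pw.pw_gid))

def may_create_in(st, uid, gids):
    """True if a directory's mode bits let (uid, gids) create files in it.

    uid 0 is deliberately not special-cased: the question is what the
    unprivileged user can do after the drop.
    """
    if not stat.S_ISDIR(st.st_mode):
        return False
    if uid == st.st_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return st.st_mode & need == need

def rotation_preflight(savefile_template, uid, gids):
    """Can rotated savefiles (second file onward with -G) be created by the dropped user?"""
    directory = os.path.dirname(os.path.abspath(savefile_template))
    return may_create_in(os.stat(directory), uid, gids)

def demo():
    """Constructed scenarios in a temporary directory standing in for /opt."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        template = os.path.join(d, "tcpdump%F--%T.pcap")
        st = os.stat(d)
        dropped_uid = st.st_uid + 1  # constructed uid that does not own the directory
        os.chmod(d, 0o755)           # like a root-owned /opt: others cannot write
        results["root_owned_0755"] = rotation_preflight(template, dropped_uid, set())
        # Directory handed to the capture user (chown): owner bits apply.
        results["owned_by_capture_user"] = rotation_preflight(template, st.st_uid, set())
        os.chmod(d, 0o775)           # group-writable, capture user in that group
        results["group_writable_0775"] = rotation_preflight(template, dropped_uid, {st.st_gid})
        os.chmod(d, 0o700)           # restore so cleanup succeeds
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'rotation can continue' if ok else 'Permission denied on rotation'}")
```

On a real host, `rotation_preflight("/opt/tcpdump%F--%T.pcap", *ids_for("tcpdump"))` gives the answer for the command line quoted in the thread.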
