Did some reading, it looks like this isn't actually a bug, but more of a 'feature'.
Dumpcap needs root to be able to access the raw network interface, but the majority of the processing etc. that it does can be done without root. When it runs, it opens the interface using its root powers, then explicitly tells the kernel to drop all other root powers it owns, in order to prevent security problems. One of the effects of this is that root user can only write in locations it actually owns (ie not regular home directories - those are owned by the respective users). So really, this is by-design from the authors upstream. If you want it changed, I suggest you take it up with the wireshark developers, although I think their reasoning is fairly sound: wireshark and dumpcap have historically had a lot of security vulnerabilities, and dropping privileges is good practice when they're not actually needed. An easy way to work around this is to write the file to /tmp, then cp it where you want it as normal user. References: [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453292 [2] http://anonsvn.wireshark.org/wireshark/trunk/doc/README.packaging ** Changed in: wireshark (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/389467 Title: sudo dumpcap will not write output files to ~/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/wireshark/+bug/389467/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
