On Wednesday, September 24, 2008, 6:51:17 AM, Xiao Li wrote:

> Oh, I didn't know the trick of modifying the permission of dumpcap
> - Thanks for pointing this out.

If you setuid root dumpcap, you should probably make sure it's chowned to root and chgrp it to a limited supplementary group containing only those non-root users who should be able to capture, then chmod it to mode 04750 (-rwsr-x---). (In that order, or the setuid bit will get reset.) Unless you trust "nobody" and "webuser" of course...

(Incidentally, some distributions such as Fedora symlink /usr/bin/wireshark to consolehelper or a similar GUI app which asks for a root password to elevate the main wireshark process. The real binary is put into /usr/sbin/wireshark. I find setuiding dumpcap and resetting the symlink direct to the real wireshark binary much better. Wireshark just doesn't work very well when its config file keeps switching between root's and yours. I've tried pointing consolehelper at dumpcap itself, but even after a bunch of fiddly config, that appears to fail. Missing file descriptors by the time dumpcap gets control, I think.)

> On Wed, Sep 24, 2008 at 12:50 AM, Jaap Keuter <[EMAIL PROTECTED]> wrote:
>> You state that you need root access to build and run Wireshark. That is
>> untrue and potentially dangerous. First of all leave it out of the build, so:
>>
>> ... execute "./autogen.sh && ./configure" in command line....
>>
>> You can run Wireshark straight up, without becoming root, to read in capture
>> files. If you want to capture you can modify the permissions of dumpcap, the
>> capture utility, to setuid root. Then Wireshark can capture, without
>> becoming root.

This is fine for capturing post-install, but I haven't found a way to run wireshark direct from the build directory as non-root yet still be able to capture. (The problem being that running from the build dir uses a whole bunch of LD_LIBRARY_PATH magic to make sure that you pick up the shared libraries you've just built not the system ones, and that conflicts with the suidness of dumpcap.)
John
--
Dead stars still burn
_______________________________________________
Wireshark-dev mailing list
[email protected]
https://wireshark.org/mailman/listinfo/wireshark-dev
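
An added example, not part of the original message or of Wireshark itself: a POSIX shell check that a capture helper matches the layout described above (root owner, restricted capture group, mode 04750). The group name `capture`, the function names and the sample values are assumptions made for illustration; `audit_file` relies on GNU `stat -c`.

```shell
#!/bin/sh
# classify OWNER GROUP MODE WANT_GROUP
# Prints "ok" when the layout matches, otherwise a list of findings.
classify() {
    owner=$1; group=$2; want_group=$4
    m=$((0$3))          # parse the mode string (e.g. 4750) as octal
    out=""
    # setuid only yields root privileges if root owns the file
    [ "$owner" = root ] || out="$out owner-not-root"
    # group must be the restricted capture group, not a broad default
    [ "$group" = "$want_group" ] || out="$out wrong-group"
    # a chown/chgrp after chmod clears the setuid bit: the ordering point
    [ $((m & 04000)) -ne 0 ] || out="$out no-setuid"
    # nobody but root may modify a setuid-root binary
    [ $((m & 00022)) -eq 0 ] || out="$out writable-by-non-owner"
    # any "other" bit lets every local account run it as root
    [ $((m & 00007)) -eq 0 ] || out="$out open-to-other-users"
    out=${out# }
    echo "${out:-ok}"
}

# audit_file PATH WANT_GROUP: read the real metadata and classify it.
audit_file() {
    path=$1; want=$2
    meta=$(stat -c '%U %G %a' "$path") || return 2
    set -- $meta
    classify "$1" "$2" "$3" "$want"
}

# Constructed sample values, not read from a real system.
for sample in "root capture 4750" "root root 4755" "root capture 750"; do
    set -- $sample
    printf '%-20s %s\n' "$sample" "$(classify "$1" "$2" "$3" capture)"
done
```

On an installed system the check would be run as `audit_file /path/to/dumpcap capture`, substituting the real path and group.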
