When installing Wireshark, the instructions for whether to enable the wireshark system group are as follows:
Dumpcap can be installed in a way that allows members of the "wireshark"
system group to capture packets. This is recommended over the alternative of
running Wireshark/Tshark directly as root, because less of the code will run
with elevated privileges.

For more detailed information please see /usr/share/doc/wireshark-common/README.Debian.gz
once the package is installed.

Enabling this feature may be a security risk, so it is disabled by default.
If in doubt, it is suggested to leave it disabled.
(source: https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/po/templates.pot )
The first paragraph says "This is recommended over the alternative", while the last says "it is suggested to leave it disabled" -- making it unclear to me (a relatively novice user) which option to choose! Better instructions would help immensely - for example, those taken directly from the README.Debian file:
[Enabling the option] is the preferred way of installation if Wireshark/Tshark
will be used for capturing and displaying packets at the same time, since
that way only the dumpcap process has to be run with elevated privileges
thanks to the privilege separation.
(source: https://salsa.debian.org/debian/wireshark/-/blob/debian/master/debian/README.Debian )
The above paragraph clarifies the use cases under which this option is recommended to be enabled. Putting this information directly in front of the user BEFORE they have to make this decision - not just in a readme that can be read after the fact - will make much more sense.
I am sure every intention was to make this clear to the user during installation, but alas, the way it is now is not doing that :)
I am not sure whether this is a Debian issue or an upstream issue - it's clearly in the debian subdirectory, but the same directory exists upstream (relocated to packaging/debian 1 year ago):
https://gitlab.com/wireshark/wireshark/-/tree/master/packaging/debian
All the best,
Nitai