Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#804329: Chmod 4711 for dumpcap not set
16 views
Skip to first unread message
Heinrich Schuchardt
Nov 7, 2015, 7:50:02 AM11/7/15
to
Package: wireshark-common
Version: 1.12.1+g01b65bf-4+deb8u3
Severity: normal
Dear Maintainer,
I installed wireshark
sudo apt-get install wireshark
I answered
Should non-superusers be able to capture packets? Yes
I added myself to the user group
adduser user wireshark
I was no able to capture data.
I had to manually set
sudo chmod 4711 /usr/bin/dumpcap
My expecation is that this chmod should be effected by configuration of
wireshark-common.
Best regards
Heinrich Schuchardt
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages wireshark-common depends on:
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18+deb8u1
ii libcap2 1:2.24-8
ii libcap2-bin 1:2.24-8
ii libgcrypt20 1.6.3-2
ii libglib2.0-0 2.42.1-1
ii libnl-3-200 3.2.24-2
ii libnl-genl-3-200 3.2.24-2
ii libpcap0.8 1.6.2-2
ii libwireshark5 1.12.1+g01b65bf-4+deb8u3
ii libwiretap4 1.12.1+g01b65bf-4+deb8u3
ii libwsutil4 1.12.1+g01b65bf-4+deb8u3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages wireshark-common recommends:
ii wireshark 1.12.1+g01b65bf-4+deb8u3
wireshark-common suggests no packages.
-- debconf information:
* wireshark-common/install-setuid: true
Version: 1.12.1+g01b65bf-4+deb8u3
Severity: normal
Dear Maintainer,
I installed wireshark
sudo apt-get install wireshark
I answered
Should non-superusers be able to capture packets? Yes
I added myself to the user group
adduser user wireshark
I was no able to capture data.
I had to manually set
sudo chmod 4711 /usr/bin/dumpcap
My expecation is that this chmod should be effected by configuration of
wireshark-common.
Best regards
Heinrich Schuchardt
-- System Information:
Debian Release: 8.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages wireshark-common depends on:
ii debconf [debconf-2.0] 1.5.56
ii libc6 2.19-18+deb8u1
ii libcap2 1:2.24-8
ii libcap2-bin 1:2.24-8
ii libgcrypt20 1.6.3-2
ii libglib2.0-0 2.42.1-1
ii libnl-3-200 3.2.24-2
ii libnl-genl-3-200 3.2.24-2
ii libpcap0.8 1.6.2-2
ii libwireshark5 1.12.1+g01b65bf-4+deb8u3
ii libwiretap4 1.12.1+g01b65bf-4+deb8u3
ii libwsutil4 1.12.1+g01b65bf-4+deb8u3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages wireshark-common recommends:
ii wireshark 1.12.1+g01b65bf-4+deb8u3
wireshark-common suggests no packages.
-- debconf information:
* wireshark-common/install-setuid: true
Bálint Réczey
Nov 7, 2015, 1:50:02 PM11/7/15
to
Control: tags -1 moreinfo unreproducible
Hi Heinrich,
2015-11-07 16:42 GMT+04:00 Heinrich Schuchardt <xypro...@gmx.de>:
> Package: wireshark-common
> Version: 1.12.1+g01b65bf-4+deb8u3
> Severity: normal
>
> Dear Maintainer,
>
> I installed wireshark
> sudo apt-get install wireshark
>
> I answered
> Should non-superusers be able to capture packets? Yes
>
> I added myself to the user group
> adduser user wireshark
After this step you need to log out an in again to make your session's
group membership include wireshark.
I have just extended README.Debian to make that clear [1].
>
> I was no able to capture data.
>
> I had to manually set
> sudo chmod 4711 /usr/bin/dumpcap
>
> My expecation is that this chmod should be effected by configuration of
> wireshark-common.
Setuid bit is used as a fall-back only when Linux Capabilities are
missing but you kernel seems to be OK.
You can check your installation by running getcap, the result should
look similar:
$ /sbin/getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
...
Cheers,
Balint
[1]http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/branches/experimental/debian/README.Debian?view=markup
Hi Heinrich,
2015-11-07 16:42 GMT+04:00 Heinrich Schuchardt <xypro...@gmx.de>:
> Package: wireshark-common
> Version: 1.12.1+g01b65bf-4+deb8u3
> Severity: normal
>
> Dear Maintainer,
>
> I installed wireshark
> sudo apt-get install wireshark
>
> I answered
> Should non-superusers be able to capture packets? Yes
>
> I added myself to the user group
> adduser user wireshark
group membership include wireshark.
I have just extended README.Debian to make that clear [1].
>
> I was no able to capture data.
>
> I had to manually set
> sudo chmod 4711 /usr/bin/dumpcap
>
> My expecation is that this chmod should be effected by configuration of
> wireshark-common.
missing but you kernel seems to be OK.
You can check your installation by running getcap, the result should
look similar:
$ /sbin/getcap /usr/bin/dumpcap
/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip
...
> Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
...
Cheers,
Balint
[1]http://anonscm.debian.org/viewvc/collab-maint/ext-maint/wireshark/branches/experimental/debian/README.Debian?view=markup
Richard Z.
Feb 21, 2022, 12:50:03 PM2/21/22
to
Hi,
just tried it on Bullseye and two observations:
* the selection dialog "Should non-superuser be able to capture
packets?" should make it clearer *how* to answer the choice. I assume
this is by pressing "y"/"n" and "enter" ? Something like that worked
for me but the makeup of the dialog is more suggestive of a dialog box
which usually have other methods of selection.
* in my case not even logging out made non-root capture work but it
worked after reboot. This may be a peculiarity of Xfce or something
else but should be mentioned in the README. Or indeed.. if there is a
known workaround to make it work without reboot/logout it would be
very nice to mention it there.
* how about asking for a list of users to add to the wireshark group
during configuration?
Regards
Richard
just tried it on Bullseye and two observations:
* the selection dialog "Should non-superuser be able to capture
packets?" should make it clearer *how* to answer the choice. I assume
this is by pressing "y"/"n" and "enter" ? Something like that worked
for me but the makeup of the dialog is more suggestive of a dialog box
which usually have other methods of selection.
* in my case not even logging out made non-root capture work but it
worked after reboot. This may be a peculiarity of Xfce or something
else but should be mentioned in the README. Or indeed.. if there is a
known workaround to make it work without reboot/logout it would be
very nice to mention it there.
* how about asking for a list of users to add to the wireshark group
during configuration?
Regards
Richard
0 new messages