Have you logged out and back in since becoming a member of the
wireshark group? A quick way to test without having to log out and
back in would be to Ctrl-Alt-F2 (or whatever) over to a virtual
terminal and log in there, and then try to run the command. If that
works, of course, you just need to log out of your current session
(desktop environment, screen session, etc.) and then log back in, and
it should work fine. If you are logged into a desktop environment, not
even a new X terminal session will have you in the new group yet.

On Thu, May 1, 2008 at 10:00 PM, Bob Young <RKY@×××××.net> wrote:
>
>
> -----Original Message-----
> >From: Bob Young [mailto:RKY@×××××.net]
> >Sent: Thursday, May 01, 2008 10:03 AM
> >To: Gentoo-user List
> >Subject: [gentoo-user] Wireshark won't run except as root
>
>
> > I've emerged wireshark, and made myself a member of both the wireshark
> > group, and the tcpdump group, but still wireshark refuses to capture
> > packets if executed as a non-root user. The error message is: "Couldn't
> > run dumpcap as a child process: Permission denied."
> >
> > A little research indicated that dumpcap should be installed suid root and
> > it appears that it is, but I still can't execute it as a non-root user:
> >
> > I'm sure it's probably something simple that I'm unaware of or not seeing
> > for some reason. Can anybody point out what I'm doing wrong?
> >
> > Thanks,
> > Bob Young
> > San Jose, CA.
>
> Well a little more experimentation proved that world has to have execute
> permission:
>
> [ 18:16:56 ] Thu May 01 /home/Cyor $ : su
> Password:
> [ 18:25:38 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
> [ 18:28:52 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
> 52 -rwxr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
> [ 18:28:58 ] Thu May 01 /usr/bin $ : chmod u+s ./dumpcap
> [ 18:29:26 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
> 52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
> [ 18:29:30 ] Thu May 01 /usr/bin $ : exit
> exit
> [ 18:29:44 ] Thu May 01 /home/Cyor $ : whoami
> Cyor
> [ 18:30:11 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
> [ 18:30:21 ] Thu May 01 /usr/bin $ : ./dumpcap
> bash: ./dumpcap: Permission denied
> [ 18:30:24 ] Thu May 01 /usr/bin $ : su
> Password:
> [ 18:31:18 ] Thu May 01 /usr/bin $ : whoami
> root
> [ 18:32:03 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
> 52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
> [ 18:32:14 ] Thu May 01 /usr/bin $ : chmod o+x ./dumpcap
> [ 18:32:29 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
> 52 -rwsr-x--x 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
> [ 18:32:34 ] Thu May 01 /usr/bin $ : exit
> exit
> [ 18:32:41 ] Thu May 01 /usr/bin $ : whoami
> Cyor
> [ 18:32:49 ] Thu May 01 /usr/bin $ : ./dumpcap
> File: /tmp/etherXXXX1wMVki
> ^CPackets dropped: 0
>
> My question is: If the wireshark GROUP has execute permission to dumpcap,
> and user Cyor is a member of the wireshark group, why can't Cyor execute
> dumpcap without the execute bit for everyone being set?
>
> Doesn't this mean that the entire world (member of wireshark group or
> not) can execute an SUID root program?
>
> If that's the case, what's the purpose of having the wireshark group?
>
> Note: Cyor is a member of wireshark group:
>
> [ 18:32:55 ] Thu May 01 /usr/bin $ : cat /etc/group
>
> root::0:root
> .
> .
> .[snip]
>
> wheel::10:root,BYoung,Cyor
> wireshark:x:446:BYoung,Cyor
> ntp:x:123:
> tcpdump:x:447:Byoung,Cyor
> +::::::
>
>
> Thanks,
> Bob Young
> San Jose, CA
>
>
> --
> gentoo-user@l.g.o mailing list
>
>
--
gentoo-user@l.g.o mailing list
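
Added example, not part of the original message: a small shell check for the situation the reply at the top describes, where the group database already lists the user in the wireshark group but the running session was started before the change. The function names are hypothetical and the sample group lists are constructed.

```shell
#!/bin/sh
# Tell "not in the group" apart from "in the group, but this session
# predates the change". Group names are the ones from the thread.

# has_word LIST WORD: succeed if WORD is one of the space-separated names in LIST.
has_word() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify SESSION_GROUPS DB_GROUPS GROUP
#   SESSION_GROUPS: groups held by the running process (output of `id -Gn`)
#   DB_GROUPS:      groups the group database lists for the user (`id -Gn USER`)
classify() {
    if has_word "$1" "$3"; then
        echo "active"          # this session can already use the group
    elif has_word "$2" "$3"; then
        echo "stale-session"   # membership exists; a fresh login is needed
    else
        echo "not-a-member"    # the user was never added to the group
    fi
}

# check_group GROUP: run the comparison for the current user on a live system.
check_group() {
    user=$(id -un)
    classify "$(id -Gn)" "$(id -Gn "$user")" "$1"
}

# Constructed sample: group lists as they would look right after the user
# was added to wireshark and tcpdump, but before logging in again.
sample_session="users wheel"
sample_db="users wheel wireshark tcpdump"
classify "$sample_session" "$sample_db" wireshark   # prints: stale-session
```

On a live system, `check_group wireshark` runs the same comparison for the current user.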