On 10/01/2019 16.51, Martin Wilck wrote:
On Thu, 2019-01-10 at 15:43 +0100, Carlos E. R. wrote:
On 10/01/2019 15.35, James Knott wrote:
On 01/08/2019 07:33 AM, Andreas Stieger wrote:
This is already implemented. From package changelog:
Will following the instructions in that bug report result in it working? When looking at the original Wireshark instructions, I see "1. Ensure that you have installed the necessary tools, such as the setcap command." What are the necessary
No, the bugreport doesn't explain how to make it work for only a group. Only that they are doing it that way.
Why not configure it like this:
chgrp $GROUP /usr/bin/dumpcap chmod 750 /usr/bin/dumpcap setcap cap_net_raw=ep /usr/bin/dumpcap
Now all members of group $GROUP may capture packets. I'm using "wheel" here.
The only annoyance is that the capabilities are reset whenever wireshark is updated.
Yes, but we can edit /etc/permisions.local, and they will be set again to our liking. The bugzilla proposes these settings: permissions.easy 335:/usr/bin/dumpcap root:root 0755 permissions.paranoid 345:/usr/bin/dumpcap root:root 0755 permissions.secure 373:/usr/bin/dumpcap root:root 0755 I assume that this way users in the "root" group could run capture as users, then. Or do we also need to run setcap as well? Sorry, I'm not familiar with the utility. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)