On 24/12/2018 10:35, L A Walsh wrote:
On 12/22/2018 2:11 PM, David Haller wrote:
Hello,
On Sat, 22 Dec 2018, Carlos E. R. wrote:
QStandardPaths: wrong ownership on runtime directory /var/run/user/5013, 5013 instead of 0
To me that means that the tool wants to be run as root, while it was running as plain user. ===
Sigh...you'll love this -- it was just the opposite. I was running as root, as I ran wireshark with 'sudo wireshark' (isn't that the normal way to run it?). [...]
Actually, for some time now the recommended way to run Wireshark has been as a normal user, but using setcap (set capabilities) to allow dumpcap access to the network data streams. See here:

https://wiki.wireshark.org/CaptureSetup/CapturePrivileges

The relevant excerpt:

-----------------------------------------------------------------------------------------------------------

Most UNIXes

Wireshark has implemented Privilege Separation which means that the Wireshark GUI (or the tshark CLI) can run as a normal user while the dumpcap capture utility runs as root. This can be achieved by installing dumpcap setuid root. The advantage of this solution is that while dumpcap is run as root the vast majority of Wireshark's code is run as a normal user (where it can do much less damage).

GNU/Linux distributions, Wireshark is installed using a package manager

GNU/Linux distributions usually provide package managers which handle installation, configuration and removal of software packages. Wireshark is provided by several distributions and some of them help in configuring dumpcap to allow capturing even for non-root users.

Debian, Ubuntu and other Debian derivatives

By installing Wireshark packages non-root users won't gain rights automatically to capture packets. To allow non-root users to capture packets follow the procedure described in the Wireshark debian/README.Debian file.

Other Linux based systems or other installation methods

Other Linux distributions may require that you give dumpcap sufficient privileges by hand.

Setting network privileges for dumpcap if your kernel and file system support file capabilities

1. Ensure that you have installed the necessary tools, such as the setcap command.
2. setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap
   (NOTE: Replace /usr/sbin with /usr/bin in case you receive an error that indicates that dumpcap isn't in /usr/sbin)
3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.

Setting network privileges for dumpcap if your kernel and file system don't support file capabilities

In this case, you will need to make dumpcap set-UID to root.

1. chown root /usr/sbin/dumpcap
   (NOTE: Replace /usr/sbin with /usr/bin in this command and the next command in case you receive an error that indicates that dumpcap isn't in /usr/sbin)
2. chmod u+s /usr/bin/dumpcap

Limiting capture permission to only one group

After having set dumpcap's network privileges:

1. Create user "wireshark" in group "wireshark".
2. chgrp wireshark /usr/sbin/dumpcap
3. chmod o-rx /usr/sbin/dumpcap
5. Ensure Wireshark works only from root and from a user in the "wireshark" group"

--------------------------------------------------------------------------------------------------

--
==============================================================
Rodney Baker VK5ZTV
rodney.baker@iinet.net.au
CCNA #CSCO12880208
==============================================================
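An added example, not part of the thread or of the Wireshark wiki: a shell check that reports which of the two privilege mechanisms from the excerpt (file capabilities or set-UID root) a dumpcap binary currently has, and whether the group restriction is in place. It assumes GNU stat and libcap's getcap; the function names are made up for this example.

```shell
#!/bin/sh
# classify_dumpcap MODE OWNER GROUP CAPS
#   MODE  octal permissions as printed by `stat -c %a` (e.g. 750 or 4755)
#   CAPS  output of `getcap FILE` (empty when no file capabilities are set)
# Prints one line: mechanism=<capabilities|setuid-root|none> access=<who may run it>
classify_dumpcap() {
    mode=$1; owner=$2; group=$3; caps=$4

    mech=none
    # Both capabilities named in the setcap step must be present.
    case "$caps" in
        *cap_net_raw*)
            case "$caps" in *cap_net_admin*) mech=capabilities ;; esac ;;
    esac
    # A leading 4, 5, 6 or 7 in a four-digit mode means the set-UID bit is on.
    case "$mode" in
        [4567]???) if [ "$owner" = root ]; then mech=setuid-root; fi ;;
    esac

    # An odd last digit means "other" can execute, i.e. chmod o-rx was not applied.
    case "$mode" in
        *[1357]) access=any-user ;;
        *)       access="group:$group" ;;
    esac
    printf '%s\n' "mechanism=$mech access=$access"
}

# audit_dumpcap FILE: gather the real values and classify them.
audit_dumpcap() {
    file=$1
    [ -e "$file" ] || { echo "not found: $file" >&2; return 2; }
    caps=
    if command -v getcap >/dev/null 2>&1; then
        caps=$(getcap "$file" 2>/dev/null) || caps=
    fi
    # GNU stat: %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$file")
    classify_dumpcap "$1" "$2" "$3" "$caps"
}

# Usage: sh check-dumpcap.sh /usr/bin/dumpcap
if [ "$#" -ge 1 ]; then
    audit_dumpcap "$1"
fi
```

A result of mechanism=none means a non-root Wireshark will not see any capture interfaces; access=any-user means every local account can capture traffic.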