05-02-2008, 02:00 AM
"Bob Young"

Wireshark won't run except as root (Solved but Why is this)

-----Original Message-----
>From: Bob Young [mailto:RKY@sonic.net]
>Sent: Thursday, May 01, 2008 10:03 AM
>To: Gentoo-user List
>Subject: [gentoo-user] Wireshark won't run except as root


> I've emerged wireshark, and made myself a member of both the wireshark
> group, and the tcpdump group, but still wireshark refuses to capture
> packets if executed as a non root user. The error message is: "Couldn't
> run dumpcap as a child process: Permission denied."
>
> A little research indicated that dumpcap should be installed suid root and
> it appears that it is, but I still can't execute it as a non-root user:
>
> I'm sure it's probably something simple that I'm unaware of or not seeing
> for some reason. Can anybody point out what I'm doing wrong?
>
> Thanks,
> Bob Young
> San Jose, CA.

Well a little more experimentation proved that world has to have execute
permission:

[ 18:16:56 ] Thu May 01 /home/Cyor $ : su
Password:
[ 18:25:38 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
[ 18:28:52 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwxr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:28:58 ] Thu May 01 /usr/bin $ : chmod u+s ./dumpcap
[ 18:29:26 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:29:30 ] Thu May 01 /usr/bin $ : exit
exit
[ 18:29:44 ] Thu May 01 /home/Cyor $ : whoami
Cyor
[ 18:30:11 ] Thu May 01 /home/Cyor $ : cd /usr/bin/
[ 18:30:21 ] Thu May 01 /usr/bin $ : ./dumpcap
bash: ./dumpcap: Permission denied
[ 18:30:24 ] Thu May 01 /usr/bin $ : su
Password:
[ 18:31:18 ] Thu May 01 /usr/bin $ : whoami
root
[ 18:32:03 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:32:14 ] Thu May 01 /usr/bin $ : chmod o+x ./dumpcap
[ 18:32:29 ] Thu May 01 /usr/bin $ : ls /usr/bin/dumpcap
52 -rwsr-x--x 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
[ 18:32:34 ] Thu May 01 /usr/bin $ : exit
exit
[ 18:32:41 ] Thu May 01 /usr/bin $ : whoami
Cyor
[ 18:32:49 ] Thu May 01 /usr/bin $ : ./dumpcap
File: /tmp/etherXXXX1wMVki
^CPackets dropped: 0

My question is: If the wireshark GROUP has execute permission to dumpcap,
and user Cyor is a member of the wireshark group, why can't Cyor execute
dumpcap without the execute bit for everyone being set?

Doesn't this mean that the entire world (member of wireshark group or
not) can execute an SUID root program?

If that's the case what's the purpose of having the wireshark group?

Note: Cyor is a member of wireshark group:

[ 18:32:55 ] Thu May 01 /usr/bin $ : cat /etc/group

root::0:root
.
.
.[snip]

wheel::10:root,BYoung,Cyor
wireshark:x:446:BYoung,Cyor
ntp:x:123:
tcpdump:x:447:Byoung,Cyor
+::::::


Thanks,
Bob Young
San Jose, CA


--
gentoo-user@lists.gentoo.org mailing list
 
05-02-2008, 04:12 AM
"Brandon Mintern"

Wireshark won't run except as root (Solved but Why is this)

Have you logged out and back in since becoming a member of the
wireshark group? A quick way to test without having to log out and
back in would be to Ctrl-Alt-F2 (or whatever) over to a virtual
terminal and log in there, and then try to run the command. If that
works, of course, you just need to log out of your current session
(desktop environment, screen session, etc.) and then log back in, and
it should work fine. If you are logged into a desktop environment, not
even a new X terminal session will have you in the new group yet.

--
gentoo-user@lists.gentoo.org mailing list
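
Added example, not part of the thread: a shell check for the situation discussed above, where /etc/group already lists the user but the running session was started before the change. It compares the process's own groups (id -G) with the account's groups in the group database (id -G NAME) against the file's mode and group. The function names and verdict strings are made up for this example, GNU stat is assumed, and the caller is assumed to be neither root nor the file's owner.

```sh
#!/bin/sh
# Added example; function names and verdict strings are hypothetical.

# has_gid GID "LIST": succeed if GID is one of the space-separated ids in LIST.
has_gid() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# diagnose MODE FILE_GID SESSION_GIDS DB_GIDS
#   MODE          octal mode as printed by `stat -c %a` (e.g. 4750)
#   SESSION_GIDS  groups of the running process (`id -G`)
#   DB_GIDS       groups the account has in the group database (`id -G NAME`)
diagnose() {
    m=$1
    while [ "${#m}" -lt 4 ]; do m="0$m"; done   # 750 -> 0750
    special=${m%???}; rest=${m#?}
    grp=${rest#?}; grp=${grp%?}; oth=${rest#??}
    suid=no; gx=no; ox=no
    case $special in 4|5|6|7) suid=yes ;; esac
    case $grp in 1|3|5|7) gx=yes ;; esac
    case $oth in 1|3|5|7) ox=yes ;; esac
    if [ "$suid" = yes ] && [ "$ox" = yes ]; then
        echo setuid-world-exec   # group restriction no longer limits who runs it
    elif [ "$gx" = yes ] && has_gid "$2" "$3"; then
        echo ok-via-group
    elif [ "$ox" = yes ] && ! has_gid "$2" "$3"; then
        echo ok-via-other
    elif [ "$gx" = yes ] && has_gid "$2" "$4"; then
        echo stale-session       # listed in the database, not in this login
    else
        echo denied
    fi
}

# check_file PATH: gather the real values for PATH and the current user.
check_file() {
    st=$(stat -c '%a %g' "$1") || return 1
    diagnose "${st% *}" "${st#* }" "$(id -G)" "$(id -G "$(id -un)")"
}

if [ $# -gt 0 ]; then check_file "$1"; fi
```

A stale-session verdict is cleared by starting a new login session; setuid-world-exec marks a setuid file that any local account can run.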
 

All times are GMT.