Have you logged out and back in since becoming a member of the
wireshark group? A quick way to test without having to log out and
back in would be to Ctrl-Alt-F2 (or whatever) over to a virtual
terminal and log in there, and then try to run the command. If that
works, of course, you just need to log out of your current session
(desktop environment, screen session, etc.) and then log back in, and
it should work fine. If you are logged into a desktop environment, not
even a new X terminal session will have you in the new group yet.

On Thu, May 1, 2008 at 10:00 PM, Bob Young <[EMAIL PROTECTED]> wrote:
>
>
>  -----Original Message-----
>  >From: Bob Young [mailto:[EMAIL PROTECTED]
>  >Sent: Thursday, May 01, 2008 10:03 AM
>  >To: Gentoo-user List
>  >Subject: [gentoo-user] Wireshark won't run except as root
>
>
>  > I've emerged wireshark, and made myself a member of both the wireshark
>  > group, and the tcpdump group, but still wireshark refuses to capture
>  > packets if executed as a non root user. The error message is: "Couldn't
>  > run dumpcap as a child process: Permission denied."
>  >
>  > A little research indicated that dumpcap should be installed suid root and
>  > it appears that it is, but I still can't execute it as a non-root user:
>  >
>  > I'm sure it's probably something simple that I'm unaware of or not seeing
>  > for some reason. Can anybody point out what I'm doing wrong?
>  >
>  > Thanks,
>  > Bob Young
>  > San Jose, CA.
>
>  Well a little more experimentation proved that world has to have execute
>  permission:
>
>  [ 18:16:56 ]  Thu May 01  /home/Cyor $ : su
>  Password:
>  [ 18:25:38 ]  Thu May 01  /home/Cyor $ : cd /usr/bin/
>  [ 18:28:52 ]  Thu May 01  /usr/bin $ : ls /usr/bin/dumpcap
>  52 -rwxr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
>  [ 18:28:58 ]  Thu May 01  /usr/bin $ : chmod u+s  ./dumpcap
>  [ 18:29:26 ]  Thu May 01  /usr/bin $ : ls /usr/bin/dumpcap
>  52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
>  [ 18:29:30 ]  Thu May 01  /usr/bin $ : exit
>  exit
>  [ 18:29:44 ]  Thu May 01  /home/Cyor $ : whoami
>  Cyor
>  [ 18:30:11 ]  Thu May 01  /home/Cyor $ : cd /usr/bin/
>  [ 18:30:21 ]  Thu May 01  /usr/bin $ : ./dumpcap
>  bash: ./dumpcap: Permission denied
>  [ 18:30:24 ]  Thu May 01  /usr/bin $ : su
>  Password:
>  [ 18:31:18 ]  Thu May 01  /usr/bin $ : whoami
>  root
>  [ 18:32:03 ]  Thu May 01  /usr/bin $ : ls /usr/bin/dumpcap
>  52 -rwsr-x--- 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
>  [ 18:32:14 ]  Thu May 01  /usr/bin $ : chmod o+x  ./dumpcap
>  [ 18:32:29 ]  Thu May 01  /usr/bin $ : ls /usr/bin/dumpcap
>  52 -rwsr-x--x 1 root wireshark 50876 Apr 27 15:49 /usr/bin/dumpcap
>  [ 18:32:34 ]  Thu May 01  /usr/bin $ : exit
>  exit
>  [ 18:32:41 ]  Thu May 01  /usr/bin $ : whoami
>  Cyor
>  [ 18:32:49 ]  Thu May 01  /usr/bin $ : ./dumpcap
>  File: /tmp/etherXXXX1wMVki
>  ^CPackets dropped: 0
>
>  My question is: If the wireshark GROUP has execute permission to dumpcap,
>  and user Cyor is a member of the wireshark group, why can't Cyor execute
>  dumpcap without the execute bit for everyone being set?
>
>  Doesn't this mean that the entire world (member of wireshark group or
>  not) can execute an SUID root program?
>
>  If that's the case what's the purpose of having the wireshark group?
>
>  Note: Cyor is a member of wireshark group:
>
>  [ 18:32:55 ]  Thu May 01  /usr/bin $ : cat /etc/group
>
>  root::0:root
>  .
>  .
>  .[snip]
>
>  wheel::10:root,BYoung,Cyor
>  wireshark:x:446:BYoung,Cyor
>  ntp:x:123:
>  tcpdump:x:447:Byoung,Cyor
>  +::::::
>
>
>  Thanks,
>  Bob Young
>  San Jose, CA
>
>
>  --
>  gentoo-user@lists.gentoo.org mailing list
>
>
-- 
gentoo-user@lists.gentoo.org mailing list
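
The session-group behaviour described in the reply, as an added example that is not part of the original thread: a shell model of how the kernel selects exactly one permission class from the groups the running session holds, plus a helper that lists memberships not yet active in that session. gid 446 and modes 4750/4751 are taken from the quoted output; uid 1000 and gid 100 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. gid 446 (wireshark) and modes 4750/4751 come from the
# quoted output; uid 1000 and gid 100 are constructed sample values.

# exec_class FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Prints the one permission class the kernel applies: owner, group or other.
exec_class() {
    if [ "$3" -eq "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" -eq "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_exec MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Succeeds if the selected class has its x bit set (root override not modeled).
can_exec() {
    m=$(( 0$1 ))                      # read MODE as octal
    case $(exec_class "$2" "$3" "$4" "$5") in
        owner) bit=$(( m & 0100 )) ;;
        group) bit=$(( m & 0010 )) ;;
        other) bit=$(( m & 0001 )) ;;
    esac
    [ "$bit" -ne 0 ]
}

# missing_groups "DB_GIDS" "SESSION_GIDS"
# Prints gids present in the group database but absent from the session,
# i.e. memberships that only take effect at the next login.
missing_groups() {
    out=""
    for g in $1; do
        case " $2 " in *" $g "*) ;; *) out="$out $g" ;; esac
    done
    echo "${out# }"
}

# Session started before vs. after the user was added to gid 446.
for gids in "100 10" "100 10 446"; do
    for mode in 4750 4751; do
        can_exec "$mode" 0 446 1000 "$gids" && r=allowed || r=denied
        echo "mode=$mode gids='$gids' class=$(exec_class 0 446 1000 "$gids") $r"
    done
done
# Live check: missing_groups "$(id -G "$(id -un)")" "$(id -G)"
```

With mode 4750 the stale session falls into the "other" class and is denied, while a session that holds gid 446 is allowed through the group bits, so the world-execute bit is not needed once the login is refreshed.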
