Comment 28 for bug 513903

Revision history for this message
Guy Harris (guyharris) wrote :

It appears that the Ubuntu policy is that, if dumpcap is to be given elevated privileges, it be executable only by its owner (presumably root) and by members of the group that owns it, which appears to be the "wireshark" group. The intent is presumably not to give *everybody* on the system sufficient privilege to capture traffic; only people in the wireshark group can use dumpcap to capture network traffic.

This is why they don't give world execute privileges to dumpcap; anybody who can run dumpcap would have sufficient privileges to capture on regular network devices (although some non-network devices that are also supported by libpcap on Linux, such as USB buses, may require root privileges).

If you have to give dumpcap world execute privileges, that's because you're not in the group that owns it. You would have to add yourself to that group. You *can* give dumpcap world permission, instead, but doing so means that you will be giving the ability to capture traffic to every account on the system. If that's not what you want, do that; if that *is* what you want, perhaps you should ask the Ubuntu packagers to provide that as a configuration option, if they don't do so already.