Topic closed
I think a post_install script should be added to Wireshark's package that makes Wireshark able to capture as a regular user.
It is pretty annoying doing the same thing again and again after every Wireshark update. Besides that, some inexperienced users might run it as root, as they couldn't find an easier solution, which we all know could be (very) dangerous.
Anyway, I made a simple bash script which does that. So if you want, you can add it to the package.
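```bash
#!/bin/bash
# Create the wireshark group (errors such as "already exists" are silenced)
groupadd wireshark &> /dev/null
# Hand group ownership of the capture helper to that group
chgrp wireshark /usr/bin/dumpcap
# Owner rwx, group r-x, others read-only (no execute)
chmod 754 /usr/bin/dumpcap
# Grant dumpcap the raw-socket and network-admin capabilities
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
```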
Offline
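An added example, not part of the original post or of the Arch package: a check to run after a Wireshark update that confirms dumpcap still has the group, mode and capabilities the script above sets. The function names and the two `getcap` output layouts it accepts are assumptions of this example.

```sh
#!/bin/sh
# check_dumpcap MODE GROUP GETCAP_LINE
#   MODE         octal mode from `stat -c %a`   (e.g. 754)
#   GROUP        owning group from `stat -c %G`
#   GETCAP_LINE  the line `getcap` prints for the binary ("" if none)
# Prints one FAIL line per finding; returns 0 only when nothing is wrong.
check_dumpcap() {
    cd_mode=$1 cd_group=$2 cd_caps=$3 cd_rc=0 cd_raw=0 cd_admin=0

    # File capabilities apply to whoever can execute the file, so the
    # "other" execute bit must be clear for the group to mean anything.
    case $cd_mode in
        *[1357]) echo "FAIL: mode $cd_mode lets every user execute dumpcap"; cd_rc=1 ;;
    esac
    case $cd_mode in
        [2-7]???) echo "FAIL: mode $cd_mode has setuid/setgid set"; cd_rc=1 ;;
    esac
    if [ "$cd_group" != wireshark ]; then
        echo "FAIL: group is '$cd_group', expected wireshark"; cd_rc=1
    fi

    # Accept both getcap layouts: "path = caps+eip" and "path caps=eip".
    cd_caps=${cd_caps#* }        # drop the path
    cd_caps=${cd_caps#= }        # drop the old-style separator
    cd_caps=${cd_caps%%[+=]*}    # drop the flag suffix
    cd_ifs=$IFS; IFS=,
    for cd_c in $cd_caps; do
        case $cd_c in
            cap_net_raw)   cd_raw=1 ;;
            cap_net_admin) cd_admin=1 ;;
            *) echo "FAIL: unexpected capability $cd_c"; cd_rc=1 ;;
        esac
    done
    IFS=$cd_ifs
    if [ "$cd_raw$cd_admin" != 11 ]; then
        echo "FAIL: cap_net_raw and cap_net_admin are not both set"; cd_rc=1
    fi
    return $cd_rc
}

# Hypothetical wrapper for a live system (GNU stat, libcap's getcap).
audit_dumpcap() {
    cd_bin=${1:-/usr/bin/dumpcap}
    check_dumpcap "$(stat -c %a "$cd_bin")" "$(stat -c %G "$cd_bin")" \
                  "$(getcap "$cd_bin")"
}

# Constructed sample values matching what the script above should leave behind.
check_dumpcap 754 wireshark "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" && echo "OK"
```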
Allowing regular non-root users to sniff packets on your machine for their enjoyment is not a very smart move...
Offline
It's up to the administrator to decide who should be in the wireshark group... By default, it should be empty.
Offline
Then it's not so bad..
I usually just sudo wireshark
Offline
People have found Wireshark vulnerabilities in the past (buffer overflows, etc.) that allow them to execute code on your machine... there aren't any known exploits right now afaik, but it seems like a good idea to run it as a user (perhaps as a wireshark user with very few privileges?)
Offline
This may very well be all true and good, but kinda going back on subject, I think that adding customization to packages is generally a bad idea.
I see these posts from time to time of users wanting this or that feature or customization added to their favorite package, which might be good ideas, but eventually I think that each time a package is getting customized - Arch loses some of its greatness (and a kitten dies somewhere).
I like Arch packages as vanilla as possible, leaving me the option to do whatever I want with them (like what you did here).
Offline
You got that 100% right... I agree with you.
But I don't see this as customization.
It's not changing/adding features of the program/OS (like a patch or something).
AFAIK, many packages (though I'm not sure if that's in the PKGBUILD, or in native packages) are creating new groups to avoid programs being run as root.
Besides that, when an admin installs the program, everything is the same for him, except that he doesn't have to do the same thing after every update.
But when a regular user installs the program, he would 80% run it as root (like you did), which is a (potentially high) security risk. Isn't it easier and better to just once type: sudo gpasswd -a user wireshark, than running it as root?
Of course, the user should be told that he should add himself to the wireshark group at the time of installation (which many Arch Linux packages do), so he doesn't have to crawl the web to find the answer. Also, a post_remove script should delete the wireshark group to keep the system clean.
I made myself a script and it's not a problem to run it after every update. It's just an attempt to make Arch Linux safer for regular users.
(Admins would take care of this themselves, I rly hope.)
Last edited by jazzfan (2010-02-26 20:49:23)
Offline
Hello,
What could be the problem if, when running Wireshark as a regular user, there is no menu (File Edit View Go Capture Analyze ... ) at all?
It is available only under sudo.
Offline
It's highly unlikely that this 11-year-old thread still holds relevance to whatever your issue is. Open a new thread, don't necrobump.
Closing.
Offline