Hi Francesco, setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap is intended to provide the necessary rights for the user running dumpcap to be able to capture packets. It is correct, that the script does not set +s if setcap succeeds.
Could you please provide the output of the following commands as a normal user?: groups /sbin/getcap /usr/bin/dumpcap ls -alh /usr/bin/dumpcap dumpcap -D uname -a As a reference here are the outputs from my system: groups ... wireshark ... u...@host:~$ /sbin/getcap /usr/bin/dumpcap /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip u...@host:~$ ls -alh /usr/bin/dumpcap -rwxr-xr-- 1 root wireshark 58K 2010-03-17 15:52 /usr/bin/dumpcap u...@host:~$ /usr/bin/dumpcap -D 1. eth0 2. wmaster0 3. wlan0 4. any (Pseudo-device that captures on all interfaces) 5. lo u...@host:~$ uname -a Linux host 2.6.26-2-686-bigmem #1 SMP Tue Mar 9 18:01:52 UTC 2010 i686 GNU/Linux Thanks, Balint 2010/3/24 Francesco Muzio <muzi...@email.it>: > Package: wireshark-common > Version: 1.2.6-5 > Severity: important > > before the patch applied at the file > /var/lib/dpkg/info/wireshark-common.postinst to fix the bug number 570193, > wireshark was able to see the interfaces running as normal user. > > I choose yes for the question wich show me after dpkg-reconfigure > wireshark-common > > But the execution of wireshark-common.postinst doesn't apply +s on > /usr/bin/dumpcap > I see that the script dowsn't execute the line > chmod u=rwxs,g=rx,o=r $PROGRAM > > In the conditional branch > > if ! setcap cap_net_raw,cap_net_admin=eip /usr/bin/dumpcap; > then > echo "Setting capabilities for dumpcap using Linux > Capabilities failed." > echo "Falling back to setting set-user-id bit." > chmod u=rwxs,g=rx,o=r $PROGRAM > fi > > The line chmod u=rwxs,g=rx,o=r $PROGRAM should not be out of the branch? > > On my debian machine the +s flag is apllied only if I add/move "chmod > u=rwxs,g=rx,o=r $PROGRAM" after the end of the if-block > > > -- System Information: > Debian Release: squeeze/sid > APT prefers testing > APT policy: (500, 'testing') > Architecture: i386 (i686) > > Kernel: Linux 2.6.32 > Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/bash > > Versions of packages wireshark-common depends on: > ii debconf [debconf-2.0] 1.5.28 Debian configuration management > sy > ii libc-ares2 1.7.0-1 library for asyncronous name > resol > ii libc6 2.10.2-6 Embedded GNU C Library: Shared > lib > ii libcap2 1:2.17-2 support for getting/setting > POSIX. > ii libcap2-bin 1:2.17-2 basic utility programs for using > c > ii libcomerr2 1.41.11-1 common error description library > ii libgcrypt11 1.4.5-2 LGPL Crypto library - runtime > libr > ii libgeoip1 1.4.6.dfsg-19 A non-DNS IP-to-country resolver > l > ii libglib2.0-0 2.22.4-1 The GLib library of C routines > ii libgnutls26 2.8.5-2 the GNU TLS library - runtime > libr > ii libk5crypto3 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries - > C > ii libkrb5-3 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries > ii liblua5.1-0 5.1.4-5 Simple, extensible, embeddable > pro > ii libpcap0.8 1.0.0-6 system interface for user-level > pa > ii libpcre3 7.8-3 Perl 5 Compatible Regular > Expressi > ii libsmi2ldbl 0.4.8+dfsg2-2 library to access SMI MIB > informat > ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime > > Versions of packages wireshark-common recommends: > ii wireshark 1.2.6-5 network traffic analyzer - GTK+ > ve > > Versions of packages wireshark-common suggests: > pn snmp-mibs-downloader <none> (no description available) > > -- debconf information: > * wireshark-common/install-setuid: true > > > -- > Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP > autenticato? GRATIS solo con Email.it http://www.email.it/f > > Sponsor: > Registrati e partecipa al concorso Libertadibanca.com, puoi vincere 1 > Volkswagen New Beetle, 1 Vespa S e diventare il nuovo testimonial UBI Banca > Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=10279&d=24-3 > > > -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
