[Ubuntu Maverick] Enable Wireshark capturing for non-root user

Monday, January 10, 2011
When you try to start a capture in Wireshark, you may run into a problem: no network interfaces are available for capturing. This is because the executable that actually does the capturing (/usr/bin/dumpcap) needs root privileges. Fortunately, I found the solution on the Wireshark wiki (CapturePrivileges), and I made some modifications due to security concerns. I am keeping a memo here in case someone needs it someday :-)
$ sudo useradd -U -M -s /bin/false wireshark
$ sudo chgrp wireshark /usr/bin/dumpcap
$ sudo chmod 754 /usr/bin/dumpcap
$ sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
$ sudo gpasswd -a [username] wireshark

Log out and log back in, and you're done!
[1]. useradd: -U means "Create a group with the same name as the user, and add the user to this group."
[2]. useradd: -M means "Do not create the user's home directory."
[3]. useradd: -s /bin/false means "Do not give the user a login shell."
[4]. chgrp: Change the group of each FILE to GROUP.
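
As an added example (not part of the original post or the Wireshark wiki), the script below checks that the five commands left dumpcap in the intended state, including the case where the account is in the wireshark group but the current login session predates that change. The function names and the --audit switch are made up for this example; it assumes GNU stat and getcap (package libcap2-bin) are installed.

```shell
#!/bin/sh
# Added example: verify the state the commands above are meant to produce.
# The check_* functions take observed values as arguments; audit() collects
# them from the live system (assumes GNU stat, getcap, getent and id).

# $1 = group owner, $2 = octal mode as printed by `stat -c %a`
check_file() {
    [ "$1" = wireshark ] || { echo "group owner is '$1', not wireshark"; return 1; }
    # Last digit odd: "other" has execute, so the group restriction is moot.
    case "$2" in *[1357]) echo "mode $2: any user may run dumpcap"; return 1 ;; esac
    # Second-to-last digit must be odd, or group members cannot execute it.
    case "$2" in *[1357]?) ;; *) echo "mode $2: group cannot execute"; return 1 ;; esac
}

# $1 = one line of `getcap /usr/bin/dumpcap` output (old or new libcap format)
check_caps() {
    for cap in cap_net_raw cap_net_admin; do
        case "$1" in *"$cap"*) ;; *) echo "missing $cap"; return 1 ;; esac
    done
}

# $1 = user, $2 = members from `getent group wireshark` (comma-separated),
# $3 = groups of the current session from `id -Gn` (space-separated)
# returns 0 = usable now, 1 = not a member, 2 = member, but re-login needed
check_session() {
    case " $3 " in *" wireshark "*) return 0 ;; esac
    case ",$2," in
        *",$1,"*)
            # With mode 754, exec of dumpcap fails with "Permission denied"
            # until the session carries the new group.
            echo "$1 was added, but this session predates it: log out and back in"
            return 2 ;;
        *)  echo "$1 is not in group wireshark"; return 1 ;;
    esac
}

audit() {
    f=/usr/bin/dumpcap rc=0
    check_file "$(stat -c %G "$f")" "$(stat -c %a "$f")" || rc=1
    check_caps "$(getcap "$f")" || rc=1
    check_session "$(id -un)" "$(getent group wireshark | cut -d: -f4)" \
        "$(id -Gn)" || rc=1
    return $rc
}

# Only touch the real system when asked to.
if [ "${1:-}" = "--audit" ]; then audit; fi
```

Run with --audit, it prints one line per problem found and nothing when everything matches.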

3 comments:

5phere said...

Hey there :) I did all the commands you said, but now I get an error in Wireshark saying "Couldn't run /usr/bin/dumpcap in child process: Permission denied"

It says this when I start it and when I click on the interface list, etc. Any ideas of how to fix it?


Display Name said...

Log out and back in, as it says.

pmorch said...

Hi there,

This is way too complicated. You should call "dpkg-reconfigure wireshark-common" and answer yes instead, as described here: Ubuntu machine - no interfaces listed