tcpdump mailing list archives
Re: -G and -C options
From: Michal Ruprich <michalruprich () gmail com>
Date: Tue, 17 Sep 2019 13:26:15 +0200
On 9/16/19 4:21 PM, Michael Richardson wrote:
> Michal Ruprich <michalruprich () gmail com> wrote:
> > with -C option, the manpage says "Note that when used with -Z option
> > (enabled by default), privileges are dropped before opening first
> > savefile." So when I run tcpdump as root like this:
> > # tcpdump -n -i eth0 -s 0 -C 3 -w /opt/tcpdump%F--%T.pcap
> > I immediately get 'Permission' denied error - as expected.
>
> assuming that your username has no permissions on /opt

Actually no, the privileges are dropped every time - even when I run tcpdump as root, the privileges are dropped before the file is created and user tcpdump is used. But this is not the point. This behavior is expected; my concern was about the manpage, that's all.

> > Now with -G, I think that the behavior should be similar but tcpdump
> > drops root privileges after creating the first file:
> > # tcpdump -n -i eth0 -s 0 -G 3 -w /opt/tcpdump%F--%T.pcap
>
> That might be a reasonable behaviour, but it's not. You'd generally want to
> switch to a username that has write permission.
>
> > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
> > 262144 bytes
> > tcpdump: /opt/tcpdump2019-09-16--07:03:32.pcap: Permission denied
> > # ls /opt
> > tcpdump2019-09-16--07:03:29.pcap
> > So with -G I get just the first file created. -C and -G have a very
> > similar rotation logic so perhaps the behavior should be similar as
> > well? Or at least this could be mentioned in the manpage under -G - the
> > fact that at least one file will be created.
>
> There are a lot of considerations around this.
> If you want to rotate files, then you need to keep permissions to write.
> I'll try to review the man page, but any updates to document what *is* would
> be welcome, even if what *is* makes little sense.
>
> --
> ] Never tell me the odds! | ipv6 mesh networks [
> ] Michael Richardson, Sandelman Software Works | IoT architect [
> ] mcr () sandelman ca http://www.sandelman.ca/ | ruby on rails [