Quoting Miroslav Lichvar (mlichvar@xxxxxxxxxx): > On Tue, Apr 06, 2010 at 10:47:22PM +0200, Radek Vokál wrote: > > Hi all, > > > > I need few suggestions about this .. > > https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald > > Combs, the upstream maintainer of wireshark, suggests to use > > capabilities instead of consolehelper+root privileges for > > dumpcap/wireshark. It makes whole lot of sense, so I've looked if other > > apps in Fedora are already using it and I haven't found any. Honestly > > I'm not sure about right way to use them. The idea is to add something > > like following to %post > > > > # groupadd -g wireshark > > # chgrp wireshark /usr/bin/dumpcap > > # setcap cap_net_raw,cap_net_admin+eip /usr/bin/dumpcap > > # setcap cap_net_raw,cap_net_admin+eip /usr/bin/tshark > > This is useful to avoid having setuid binary, but how will regular > users get access to the wireshark group? Maybe through policykit? The originally quoted URL also says: # groupadd -g wireshark # usermod -a -G wireshark gerald -serge -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
