2010/4/6 Radek Vokál <radekvokal@xxxxxxxxx>: > Hi all, > > I need few suggestions about this .. > https://blog.wireshark.org/2010/02/running-wireshark-as-you/ .. Gerald > Combs, the upstream maintainer of wireshark, suggests to use > capabilities instead of consolehelper+root privileges for > dumpcap/wireshark. Using PolicyKit instead of hardcoding a Unix group gives a lot more flexibility to system administrators. For example, in Fedora we could interactively prompt for the root password by default. Or we could default to allowing "console users" auth. Or require the user's password. Or in fact, allow it for a given Unix group. Basically, you already have the privileged component/user session separation, which is great, so the dumpcap program just needs to be runnable as a DBus service, it could expose say an API to get a file descriptor which gives a dump stream for a given interface. Documentation lives at: http://hal.freedesktop.org/docs/PolicyKit/ -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
