Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 375325 - net-analyzer/tcpdump 4.1.1 -C -W and -z option does not create secondary file as same user
Summary: net-analyzer/tcpdump 4.1.1 -C -W and -z option does not create secondary file...
Status: RESOLVED DUPLICATE of bug 334329
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Unspecified (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: Netmon Herd
Depends on:
Reported: 2011-07-15 22:59 UTC by M. Prášek
Modified: 2013-06-01 14:26 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description M. Prášek 2011-07-15 22:59:14 UTC
tcpdump -i eth1 host blah -C 1 -W 10 -w ./testing  should create  testing0 - testin9 files acording to manpage. But any combination of -C and -W  options and paths  DOES NOT WORK. It create onyly a SINGLE FILE , nothing more .In conjiunction with -z flag as mentioned in the manpage error is thrown: "compress_savefile:execlp(bzip2, ./testing0): No such file or directory" even if the file actually IS in the path. 

Reproducible: Always

Steps to Reproduce:
1. tcpdump -i eth1 host blah -C 1 -W 10 -w ./testing
2. watch actual path - only ONE file is created.
3. pull your hairs off if you need to capture bigger amounth of data to solve actual network problem :-/

Expected Results:  
testing0 testing1 testing2 etc in actual path. This is EXPECTET RESULT acording a MAN PAGE of tcpdump and acording a several online mentions and turotrials googlewide.
Comment 1 Michael Orlitzky gentoo-dev 2011-07-16 14:19:06 UTC
Confirmed, sort of. It looks like tcpdump drops privileges after it creates the first file, to tcpdump:tcpdump, even though the first file is created as root:root.

  gantu tcpdump $ sudo su

  gantu tcpdump # tcpdump -i eth0 -s 0 -C 1 -W 10 -w testing
  tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 
  tcpdump: testing1: Permission denied

However, if I chown the directory to tcpdump:tcpdump and chmod it to 775,

  gantu tcpdump $ ls
  total 4.1M
  -rw-r--r-- 1 root    root    977K 2011-07-16 10:15 testing0
  -rw-r--r-- 1 tcpdump tcpdump 977K 2011-07-16 10:15 testing1

it works.

An alternative is to pass "-Z root" to tcpdump when running as root; this forces it to "drop" privileges to root every time it rotates the dump file.
Comment 2 Jeroen Roovers gentoo-dev 2011-07-18 11:20:01 UTC

*** This bug has been marked as a duplicate of bug 358329 ***
Comment 3 Michael Orlitzky gentoo-dev 2011-07-18 13:21:30 UTC
I don't think this is the same as bug 334329 because I compiled with USE="-chroot". The bug in this case is actually that the dump works at all; the first file should be created as the 'tcpdump' user, so if the command is run in a root-owned directory, it shouldn't work at all.

Privileges are then dropped for dumps 2 through N, and the writes are correctly denied unless I change to a tcpdump-writeable directory.
Comment 4 Jeroen Roovers gentoo-dev 2013-06-01 14:26:58 UTC

*** This bug has been marked as a duplicate of bug 334329 ***