4

When I use tcpdump on centos 6, I got a permission denied error even when I was root. My command is like this:

sudo tcpdump -i eth0 -G 10 -w test.dmp port 80

i have tried with -Z root or -Z my_username but no luck

sudo tcpdump -i eth0 -Z root -G 10 -w test.dmp port 80
sudo tcpdump -i eth0 -Z myuser_name -G 10 -w test.dmp port 80

Does anybody know how to make it work?

Sean Nguyen
  • 143
  • 1
  • 1
  • 8
  • Could you please show us the full output? – quanta Sep 04 '12 at 16:15
  • the first file is created fine but when it tried to create a second file, it error with this error: tcpdump: test.dmp: Permission denied – Sean Nguyen Sep 04 '12 at 16:26
  • I found a bug report for it http://bugs.centos.org/view.php?id=1570 but i can't find a solution. I am using centos 6. – Sean Nguyen Sep 04 '12 at 16:28
  • Which `tcpdump` version are you using? – quanta Sep 04 '12 at 17:00
  • Could you be starting the second process a little early such that the file is still open in the first tcpdump while trying the second dump. Maybe a sleep 1 between the two invokations might help. – mdpc Sep 04 '12 at 19:34

1 Answers1

6

If you plan to use file rotation, make sure the directory you write into is world writable.

tcpdump drops privileges shortly after opening the first file specified for writing with -w, so it will not be able to write to a directory if:

  1. it doesn't own or isn't a part of the owning group of the directory or
  2. that directory is not world-writable.
Adrian Heine
  • 328
  • 4
  • 22
Kyle Creyts
  • 61
  • 2