linux – tcpdump: out.pcap: Permission denied
Published: 2020-05-24 21:01:28 Category: Linux Source: Internet
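[root@localhost ~]# cat /etc/issue
Fedora release 17 (Beefy Miracle)
Kernel \r on an \m (\l)
[root@localhost ~]# uname -a
Linux localhost.localdomain 3.6.10-2.fc17.i686 #1 SMP Tue Dec 11 18:33:15 UTC 2012 i686 i686 i386 GNU/Linux
[root@localhost ~]# tcpdump -i p3p1 -n -w out.pcap -C 16
tcpdump: out.pcap: Permission denied

Why do I get this error? What should I do?

Solution:

I tried it on Centos 5, and it is the same even in the tmp or root folder. From the tcpdump man page, privileges are dropped when used with the -Z option (enabled by default) before opening the first savefile. Because you specified "-C 1", the permission denied occurs because the file size has already reached 1, and when a new file is created it raises a permission denied error. So just specify -Z user.

# strace tcpdump -i eth0 -n -w out.pcap -C 1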
fstat(4,{st_mode=S_IFREG|0644,st_size=903,...}) = 0
mmap(NULL,4096,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x2aea31934000
lseek(4,SEEK_CUR) = 0
read(4,"root:x:0:root\nbin:x:1:root,bin,d"...,4096) = 903
read(4,"",4096) = 0
close(4) = 0
munmap(0x2aea31934000,4096) = 0
setgroups(1,[77]) = 0
setgid(77) = 0
setuid(77) = 0
setsockopt(3,SOL_SOCKET,SO_ATTACH_FILTER,"1 310357k ",16) = 0
fcntl(3,F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3,F_SETFL,O_RDWR|O_NONBLOCK) = 0
recvfrom(3,0x7fff9563d35f,1,32,0) = -1 EAGAIN (Resource temporarily unavailable)
fcntl(3,O_RDWR) = 0
setsockopt(3,"1 17 P3272337 ",16) = 0
open("out.pcap",O_WRONLY|O_CREAT|O_TRUNC,0666) = -1 EACCES (Permission denied)
write(2,"tcpdump: ",9tcpdump: ) = 9
write(2,"out.pcap: Permission denied",27out.pcap: Permission denied) = 27
write(2,"\n",1
) = 1
exit_group(1) = ?
You can see from the strace result above that tcpdump dropped privileges to the user and group pcap (77).

# grep 77 /etc/group
pcap:x:77:
# grep 77 /etc/passwd
pcap:x:77:77::/var/arpwatch:/sbin/nologin

From the tcpdump man page, -C:

# man tcpdump
-C Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).
**Note that when used with -Z option (enabled by default), privileges are dropped before opening first savefile.**
# tcpdump --help
tcpdump version 3.9.4
libpcap version 0.9.4
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size ]
[ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -Z user ]
[ expression ]
Use -Z user to specify a particular user:

# tcpdump -i eth0 -n -w out.pcap -C 1 -Z root
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
35 packets captured
35 packets received by filter
0 packets dropped by kernel

(Editor: 安卓应用网)
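
Added example, not part of the original answer: a shell check that predicts the EACCES from the strace above before a capture is started, so the savefile directory can be handed to the drop account and the privilege drop kept instead of running with -Z root. It assumes GNU stat and the pcap account (uid/gid 77) shown above; the function names and the path /var/tmp/captures are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Models only the classic
# owner/group/other mode bits; ACLs and SELinux are ignored (assumption),
# and search permission on parent directories is not checked.

# has_perm UID GID OWNER_UID OWNER_GID MODE_OCTAL NEED
# NEED=3: create a file in a directory (w+x); NEED=2: truncate an existing file (w).
# Only the primary GID is compared, matching setgroups(1,[77]) in the strace.
has_perm() {
    uid=$1 gid=$2 o_uid=$3 o_gid=$4 mode=$5 need=$6
    [ "$uid" -eq 0 ] && return 0            # root bypasses the mode bits
    m=$((0$mode))                           # leading 0 makes the shell read octal
    if [ "$uid" -eq "$o_uid" ]; then bits=$(( (m >> 6) & 7 ))
    elif [ "$gid" -eq "$o_gid" ]; then bits=$(( (m >> 3) & 7 ))
    else bits=$(( m & 7 ))
    fi
    [ $(( bits & need )) -eq "$need" ]
}

# can_capture_to USER FILE: can USER open FILE the way tcpdump -w does after the drop?
# Returns 0 = yes, 1 = EACCES expected, 2 = lookup failed. Uses GNU stat(1).
can_capture_to() {
    user=$1 file=$2
    u=$(id -u "$user") && g=$(id -g "$user") || return 2
    if [ -e "$file" ]; then target=$file need=2   # existing savefile, e.g. left by root
    else target=$(dirname "$file") need=3
    fi
    info=$(stat -c '%u %g %a' "$target") || return 2
    set -- $info
    has_perm "$u" "$g" "$1" "$2" "$3" "$need"
}

# Usage as root, keeping the privilege drop instead of -Z root.
# /var/tmp/captures is a hypothetical path; "pcap" is the drop account seen above:
#   install -d -o pcap -g pcap -m 0750 /var/tmp/captures
#   can_capture_to pcap /var/tmp/captures/out.pcap &&
#       tcpdump -i eth0 -n -w /var/tmp/captures/out.pcap -C 1
```

The name of the account tcpdump drops to is build-dependent, so confirm it with strace or the man page on the host before creating the directory.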
