Robert Mavrinac
2015-07-23 19:25:28 UTC
I am currently setting up a new cluster of LTSP-PNP servers running Debian 8.
I have the appropriate settings for adding all authenticated users to various groups automatically using pam_group.so, modelled after settings in the debian-edu-config package and documentation at https://help.ubuntu.com/community/LDAPClientAuthentication.
The group membership is correct for the user logged into a thin client, even at the console (Ctrl-Alt-F1).
Take wireshark, for example. It works fine on the thin client because the user is in the wireshark group, but I would like it to work as an LTSP_LOCALAPP. If it is run as a localapp, it complains about permissions even though the user is in the wireshark group.
https://wiki.wireshark.org/CaptureSetup/CapturePrivileges#Other_Linux_based_systems_or_other_installation_methods offers some suggestions:
1. Additional capabilities are suggested to get dumpcap to work, but this doesn't work for ltsp-localapps or fat clients.
setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
On the fat client getcap /usr/bin/dumpcap yields "Failed to get capabilities of file `/usr/bin/dumpcap' (Operation not supported)".
2. Setting SUID bit on for /usr/bin/dumpcap works for fat clients, but still doesn't fix the problem for wireshark as a localapp.
chmod u+s /usr/bin/dumpcap
Any ideas?
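A diagnostic sketch for the symptoms in this report, added here and not part of the original post or of LTSP: run from the session where dumpcap fails, it reports the filesystem type and nosuid flag of the mount holding dumpcap, the file's mode, the getcap result, and whether the running process actually carries the wireshark group. The function names are hypothetical; nothing here is confirmed as the cause of the reported behaviour.

```sh
#!/bin/sh
# Added example: narrow down why dumpcap lacks capture privileges.
# Function names are hypothetical, not part of LTSP or Wireshark.

# Print "mountpoint fstype options" for the mount that holds path $2,
# reading the /proc/mounts-format file $1. The longest mount point wins;
# on a tie the later line wins, since later mounts shadow earlier ones.
mount_for_path() {
    awk -v p="$2" '
        { mp = $2
          if (mp == "/") pre = "/"; else pre = mp "/"
          if ((p == mp || index(p, pre) == 1) && length(mp) >= best) {
              best = length(mp); out = mp " " $3 " " $4 } }
        END { print out }' "$1"
}

# True if the comma-separated mount option list $1 contains option $2.
has_opt() { case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac; }

# True if the space-separated group list $1 (as from `id -Gn`) contains $2.
in_groups() { case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac; }

# Report on the live system; defaults to the path used in the report above.
report() {
    bin="${1:-/usr/bin/dumpcap}"
    set -- $(mount_for_path /proc/mounts "$bin")
    echo "mount: $1  fstype: $2  options: $3"
    # On a nosuid mount the kernel ignores both the setuid bit and
    # file capabilities when the binary is executed.
    if has_opt "$3" nosuid; then echo "nosuid is set on this mount"; fi
    stat -c 'mode/owner: %A %U:%G' "$bin"
    # getcap reads the security.capability extended attribute; it fails
    # with "Operation not supported" when the filesystem has no xattrs.
    getcap "$bin" || echo "getcap failed (no xattr support, or getcap missing)"
    # Group membership is per process: check this session, not the server.
    if in_groups "$(id -Gn)" wireshark; then
        echo "this process is in group wireshark"
    else
        echo "this process is NOT in group wireshark"
    fi
}

if [ "${1:-}" = "report" ]; then report "${2:-}"; fi
```

Run it as `sh script.sh report` once on the server session and once from a terminal started as a localapp, then compare the two outputs.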