Packaging Wireshark 3.0.x Permissions Issue

omar_ghafoori
New Contributor II

After packaging and deploying Wireshark via Composer, I discovered an issue: when attempting to capture traffic on an interface, I get the error "The capture session could not be initiated on interface 'en0' (You don't have permission to capture on that device".

I discovered the post install script and added that to the package, but the issue persists.


#!/bin/sh

#
# Fix up ownership and permissions on /Library/Application Support/Wireshark;
# for some reason, it's not being owned by root:wheel, and it's not
# publicly readable and, for directories and executables, not publicly
# searchable/executable.
#
# Also take away group write permission.
#
# XXX - that may be a problem with the process of building the installer
# package; if so, that's where it *should* be fixed.
#
chown -R root:wheel "/Library/Application Support/Wireshark"
chmod -R a+rX,go-w "/Library/Application Support/Wireshark"

CHMOD_BPF_PLIST="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"
BPF_GROUP="access_bpf"
BPF_GROUP_NAME="BPF device access ACL"

dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || 
    dseditgroup -q -o create "$BPF_GROUP"
dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"

cp "/Library/Application Support/Wireshark/ChmodBPF/org.wireshark.ChmodBPF.plist" \
    "$CHMOD_BPF_PLIST"
chmod u=rw,g=r,o=r "$CHMOD_BPF_PLIST"
chown root:wheel "$CHMOD_BPF_PLIST"

rm -rf /Library/StartupItems/ChmodBPF

launchctl load "$CHMOD_BPF_PLIST"
3 REPLIES

bcuerdon
New Contributor II

Make sure that the user has local admin rights.

omar_ghafoori
New Contributor II

It seems this issue was resolved up until version 3.0.6 using the post install script above. The issue is that the users this is being deployed to are not all admins by default.

The user is added to the appropriate access_bpf group after the installation, but I continue to get this error.

bcuerdon
New Contributor II

Since the post install script is being run as root, $USER in the following command would be adding root to the access_bpf group:

dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || 
    dseditgroup -q -o create "$BPF_GROUP"
dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"

You should change $USER to the logged-in user.
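
Added example, not part of the original thread or of the Wireshark installer: one way to apply the last reply in a postinstall script that runs as root. It assumes the intended user is logged in at the console during installation; the function names are hypothetical, and the group name is the one from the script above.

```shell
#!/bin/sh
# Assumption: the owner of /dev/console is the account that should be
# allowed to capture. Function names here are illustrative only.

BPF_GROUP="access_bpf"   # group name from the script in the thread

# Print the owner of the console session (macOS stat syntax).
console_user() {
    stat -f%Su /dev/console 2>/dev/null
}

# Succeed only for a name that looks like a real interactive account.
# root, loginwindow and _mbsetupuser own the console when nobody is
# logged in or during Setup Assistant; adding them grants nothing useful.
is_capture_user() {
    case "$1" in
        ""|root|loginwindow|_mbsetupuser) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;   # unexpected characters: refuse
        *) return 0 ;;
    esac
}

# Add the user to the BPF group, then check the membership is visible.
add_to_bpf_group() {
    dseditgroup -q -o edit -a "$1" -t user "$BPF_GROUP" || return 1
    id -Gn "$1" | tr ' ' '\n' | grep -qx "$BPF_GROUP" ||
        echo "Warning: $1 not yet listed in $BPF_GROUP" >&2
}

main() {
    target="$(console_user)"
    if ! is_capture_user "$target"; then
        echo "No console user to add to $BPF_GROUP (got '$target')" >&2
        return 0   # leave group membership alone, do not fail the install
    fi
    add_to_bpf_group "$target" ||
        { echo "Could not add $target to $BPF_GROUP" >&2; return 1; }
}

# Only act when run as root on macOS, as a postinstall script would be.
if [ "$(uname -s)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
    main
fi
```

Skipping root and the login-window accounts keeps the script from silently repeating the original problem when the package is pushed to a machine with nobody logged in.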