After packaging and deploying Wireshark via Composer, I discovered an issue when attempting to capture traffic on an interface I get the error "The capture session could not be initiated on interface 'en0' (You don't have permission to capture on that device".
I discovered the post install script and added that to the package but the issue persists.
#!/bin/sh # # Fix up ownership and permissions on /Library/Application Support/Wireshark; # for some reason, it's not being owned by root:wheel, and it's not # publicly readable and, for directories and executables, not publicly # searchable/executable. # # Also take away group write permission. # # XXX - that may be a problem with the process of building the installer # package; if so, that's where it *should* be fixed. # chown -R root:wheel "/Library/Application Support/Wireshark" chmod -R a+rX,go-w "/Library/Application Support/Wireshark" CHMOD_BPF_PLIST="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist" BPF_GROUP="access_bpf" BPF_GROUP_NAME="BPF device access ACL" dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || dseditgroup -q -o create "$BPF_GROUP" dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP" cp "/Library/Application Support/Wireshark/ChmodBPF/org.wireshark.ChmodBPF.plist" "$CHMOD_BPF_PLIST" chmod u=rw,g=r,o=r "$CHMOD_BPF_PLIST" chown root:wheel "$CHMOD_BPF_PLIST" rm -rf /Library/StartupItems/ChmodBPF launchctl load "$CHMOD_BPF_PLIST"
Since the post install script is being run as root, $USER in the following command would be adding root to the access_bpf group:
dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1 || dseditgroup -q -o create "$BPF_GROUP" dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"
You should change $USER to the logged in user.