first, the proper introduction:
Ubuntu Hardy Heron
with the following tshark install:
user@host:~/Forensics$ tshark -vv
Compiled with GLib 2.16.1, with libpcap 0.9.8, with libz 126.96.36.199, with POSIX
capabilities (Linux), with libpcre 7.4, without SMI, with ADNS, with Lua 5.1,
with GnuTLS 2.0.4, with Gcrypt 1.2.4, with MIT Kerberos.
Running on Linux 2.6.24-19-generic, with libpcap version 0.9.8.
Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7).
ok, now then;
user@hostname:~/Forensics$ sudo tshark -n -i wlan0 -s 1514 -w capfile.lpc
Running as user "root" and group "root". This could be dangerous.
Capturing on wlan0
tshark: The file to which the capture would be saved ("/home/user/capfile.lpc") could not be opened: Permission denied.
and even this;
user@hostname:~# sudo -i
root@hostname:~# tshark -n -i wlan0 -s 1514 -w /home/user/~Forensics/capfile.lpc
however, if I specify file outside of my homedir
, it functions correctly as either root or with 'sudo'
/dev/sda1 on / type ext3 (rw,relatime,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
/sys on /sys type sysfs (rw,noexec,nosuid,nodev)
varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
udev on /dev type tmpfs (rw,mode=0755)
devshm on /dev/shm type tmpfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
lrm on /lib/modules/2.6.24-19-generic/volatile type tmpfs (rw)
securityfs on /sys/kernel/security type securityfs (rw)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/user/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=user)
as i get this error writing to any location in the homedir, there is little (read: "no") chance that standard file/dir perms are the issue.
i have gone so far as to 'touch' the destination file first, still receive error.
i'm suspecting 'nosuid' as the culprit but this doesn't really jive with me. before I start tearing things down to t-shoot this i was wondering if anyone had any interesting input here.
thanks in advance;