Layered Wireshark - Adding user to wireshark group breaks ability to add layers
I'm trying to utilize Wireshark on my Bazzite installation. I've installed it from rpm-ostree and have also gotten it to work just using my normal user account. I did this by copying out the wireshark line from /var/lib/group to /etc/group and then running a usermod -aG wireshark <username>. This works great until I attempt to utilize rpm-ostree again. When I try to add another layer or even use ujust update, it throws an error complaining about the wireshark group. I'm able to successfully use layers when I remove the wireshark group from the /etc/group file.
Has anyone else seen this behavior and have a proper resolution for this?
26 Replies
Prefacing this, any specific reason you didn't install wireshark as a flatpak?
Also do post the error that rpm throws. I mean I can guess why.
When you say copying out, do you mean copy or cut?
It expects a state of the tree, and you changed it. That can only lead to issues :V
Best practice would be to install it via flatpak.
I didn't change anything in the ostree part
So, by default the package adds the wireshark group to /usr/lib/group
So, doing a normal usermod -aG wireshark <username> doesn't work
cause that part of the FS is RO
So, I did a
grep -E "^wireshark:" /usr/lib/group | sudo tee -a /etc/group
then did the usermod -aG <username>
which works, and allows me access to NICs in wireshark
however, when I have the wireshark group present in /etc/group, I get that posted error when doing anything related to rpm-ostree
well, where it has to modify a layer
If I remove the wireshark group from /etc/group it's happy
My initial guess is that the error message is misleading and it has a problem with duplicated groups/etc.
likely, I didn't know if there was a different way I should be going about this.
May I point you towards
Installing and Managing Applications - Bazzite Documentation
It gives you a list (from best practice to worst practice [?]) on how to install applications.
My recommendation: flatpak install wireshark and then use the Flatseal application to mess with permissions if something doesn't work.
If that doesn't work, use GearLever to install and manage the appimage.
If there is a wireshark appimage.
Flatpak version of Wireshark can't access hardware
Correct, it's a flatpak.
You can change that with Flatseal.
Oh wait nevermind. Flathub states it.
"NOTE: This version of Wireshark does not support capturing data."
I would've gone the flatpak route if I could.
What about brew?
I could try, the bigger part is getting privileged access to network cards to allow for running in promiscuous mode for traffic capture
If you install it with brew, it shouldn't be sandboxed at all.
I'll give it a shot here. Need to pull out the overlay and try. Give me a few.
Take your time.
Okay, so brew only installs CLI version of wireshark. And, unfortunately, the --cask version is only supported on OSX
Yeah, can't install the wireshark gui app via brew
I wasn't sure if there was something similar to the ujust add-user-to-input-group but for wireshark
I'm not quite sure how that works, because there's no entry in /etc/group, and my user doesn't show up in the /usr/lib/group file for 'input' either.
Huh this is indeed...a conundrum.
I mean, I did come here after doing my homework. Pretty much all the stuff I see online for adding your user to a system group in ublue points toward the trick of snagging the group out of /usr/lib/group, adding it to /etc/group and then doing the usermod -aG stuff
It's just that it breaks rpm-ostree in this instance
Maybe a distrobox.
Would have to do distrobox --root for that, right?
kinda a pita.... as it sets the password every time tho
hmmm
well, either way is a pita
Yeah. It is.
You could grab an appimage from someone who precompiled it.
Okay, well, at least I'm pretty confident I'm not just missing some obvious "oh, yeah, you gotta do this" type thing.
Nope.
I'm also looking for a solution to this, it'd make sense for there to be a solution for DX and GDX where people are analyzing network issues to develop e.g. apis/webapps/games