cleverca22
3/19/2017 - 4:45 PM

wireshark no root

wireshark no root

{ ... }:

{
  users.extraUsers.clever.extraGroups = [ "wireshark" ];
  users.extraGroups.wireshark.gid = 500;
}
{ pkgs, ... }:

{
  security.wrappers.dumpcap = {
    source = "${pkgs.wireshark}/bin/dumpcap";
    permissions = "u+xs,g+x";
    owner = "root";
    group = "wireshark";
  };
}
{ ... }:

{
security.setuidOwners = [
  {
    program = "dumpcap";
    owner = "root";
    group = "wireshark";
    setuid = true;
    setgid = false;
    permissions = "u+rx,g+x";
  }
  ];
}