TCPdump write permission error when using -w option

permissions, tcpdump, ubuntu-14.04

I faced a very weird error. I'm running tcpdump as root and want to log the output. When I do

tcpdump -i eth0 -w logs/local.dump

it works fine, but when I set the output path like below, I get a permission error:

tcpdump -i eth0 -w /mnt/local.dump

The permissions of the 'logs' folder, which is in /home/ubuntu, are 755 and root:root, and the same goes for /mnt: the permissions are 755 and root:root. But I don't get why I get the permission error when I set the output as /mnt/local.dump.

Best Answer

I ran into this same issue as well on Ubuntu. Seems that tcpdump drops permissions after executing based upon the accepted answer for this question:

tcpdump failed with permission denied on centos when using with rotated file option

I didn't start running into the permission issue myself until I started playing around with the -C options to limit file sizes. Even deleting the origin file I had in -w did not bring the permissions back nor did changing the -w to a different file within the same directory.

What did work was changing directories to a spot that was owned by root and had loose restrictions for the target directory and parent paths.

I'm not sure what tcpdump is doing under the hood to cause this problem; I might dig into it a little bit more some other time. I think it might be caching something, and once you try the rotating file option, if your permissions aren't set up correctly it will break the non-rotating file options as well.
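
A mode-bit check for the situation the answer describes (the target directory and its parent paths, seen from the account tcpdump runs as after dropping root), as an added example that is not part of the original post. The uid and gid are inputs because the page does not name that account; `class_bits` and `first_blocker` are names made up for this example.

```shell
#!/bin/sh
# Added example: finds which directory would stop an unprivileged uid/gid from
# creating a capture file. Mode bits only: ACLs, supplementary groups and
# AppArmor/SELinux policy are not evaluated. Requires GNU stat (coreutils).
# Intended for non-root ids; root's permission bypass is not modelled.

# class_bits MODE OWNER_UID OWNER_GID UID GID -> rwx digit that applies to UID/GID
class_bits() {
    perm=$((0$1))                       # stat prints octal, e.g. 755 or 1777
    if [ "$4" -eq "$2" ]; then
        echo $(( (perm >> 6) & 7 ))     # owner class
    elif [ "$5" -eq "$3" ]; then
        echo $(( (perm >> 3) & 7 ))     # group class
    else
        echo $(( perm & 7 ))            # other class
    fi
}

# first_blocker UID GID DIR
# Prints the deepest directory that blocks the write and returns 1,
# or prints nothing and returns 0 when every component allows it.
first_blocker() {
    uid=$1 gid=$2
    path=$(cd "$3" 2>/dev/null && pwd -P) || { echo "$3"; return 1; }
    need=3                              # target dir: write (2) + search (1)
    while :; do
        meta=$(stat -c '%a %u %g' "$path") || { echo "$path"; return 1; }
        set -- $meta
        bits=$(class_bits "$1" "$2" "$3" "$uid" "$gid")
        if [ $(( bits & need )) -ne "$need" ]; then
            echo "$path"
            return 1
        fi
        [ "$path" = / ] && return 0
        path=$(dirname "$path")
        need=1                          # parents: search (x) only
    done
}

# Usage: sh check.sh UID GID DIR
if [ "$#" -eq 3 ]; then
    first_blocker "$1" "$2" "$3"
fi
```

For a directory that is 755 and root:root, as both directories in the question are, any non-root uid is reported as blocked at the directory itself, because only the owner class has the write bit.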
