Date: 2021-02-04

Running tcpdump from web page

#1

Hi everyone, I am trying to do a simple pcap from a web page and am not having success.

Using visudo, I have added the following 2 lines at the end:

www-data ALL=(testuser)  NOPASSWD: /usr/sbin/*tcpdump*
testuser ALL= NOPASSWD: /usr/sbin/tcpdump*

My PHP page contains:

echo "Current user is: " . get_current_user()."<br>";
echo exec('sudo -u testuser timeout 5 tcpdump -w /var/www/html/temp/testing.pcap');

When I run this from the web page, the current user comes back as www-data, but it does not capture. It complains about not having permissions.

When I run the same PHP page from the command line, the capture is good and I do not have to enter any root password.

This is on an Ubuntu Server 18 system using PHP 7.x.

#2

But when you run it from the command line, are you running it from the www-data user? My guess is that you are using some kind of user or root account. Does www-data have access to /var/www/html/temp/testing.pcap and is it capturing to a directory that also has write permission for www-data?

Try logging in as www-data and see if you can write to the places your capture needs to write to. It sounds like a simple permissions issue to me.

#3

Or sudoing as, anyway.

I’m not 100% sure that sudoers file looks right… the spacing concerns me, as does testuser’s lack of a runas.
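
Added example, not written by any poster in this thread: sudo checks its rules against the command it is asked to run, which in the PHP line from post #1 is `timeout`, not `tcpdump`. The simplified model below shows that match for the two rules in post #1; the paths in `RESOLVED` are assumptions, and only the `-u` option is parsed.

```python
import fnmatch
import os
import shlex

# Assumed install paths (Ubuntu defaults); sudo resolves a bare name via PATH.
RESOLVED = {"timeout": "/usr/bin/timeout", "tcpdump": "/usr/sbin/tcpdump"}

# The two rules from post #1 as (user, run-as user, command pattern).
# An omitted Runas_Spec means root; no argument list means any arguments.
RULES = [
    ("www-data", "testuser", "/usr/sbin/*tcpdump*"),
    ("testuser", "root", "/usr/sbin/tcpdump*"),
]

def sudo_request(cmdline):
    """Return (target user, full path of the command handed to sudo)."""
    argv = shlex.split(cmdline)
    i = argv.index("sudo") + 1          # ValueError if sudo is not invoked
    target = "root"
    while i < len(argv) and argv[i].startswith("-"):
        if argv[i] == "-u":             # simplified: only -u takes a value
            target, i = argv[i + 1], i + 1
        i += 1
    return target, RESOLVED.get(argv[i], argv[i])

def path_matches(pattern, path):
    """Wildcards in a sudoers command path never match '/': glob the name only."""
    pdir, pname = os.path.split(pattern)
    d, name = os.path.split(path)
    return pdir == d and fnmatch.fnmatchcase(name, pname)

def allowed(invoker, cmdline):
    """Return (permitted by RULES?, target user, command sudo checks)."""
    target, path = sudo_request(cmdline)
    ok = any(u == invoker and r == target and path_matches(p, path)
             for u, r, p in RULES)
    return ok, target, path

if __name__ == "__main__":
    page_cmd = "sudo -u testuser timeout 5 tcpdump -w /var/www/html/temp/testing.pcap"
    for cmd in (page_cmd, page_cmd.replace("sudo -u testuser timeout 5",
                                           "timeout 5 sudo -u testuser")):
        print(allowed("www-data", cmd), "<-", cmd)
```

A match here only means sudo would accept the request; the capture then runs as testuser, so that account's capture privileges and its write access to /var/www/html/temp are separate checks.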