Debian Buster: “tcpdump -w file” works only in some directories

烂漫一生 submitted on 2021-01-29 10:00:39

Question


The following command (called as user root with and without -i eno)

tcpdump -w a.dump -i eno1 portrange 27900-27901

works only in some directories, e.g. /tmp and /root. But it does not work in other directories, for example not in /temp created with:

mkdir /temp
chown root.root /temp
chmod 700 /temp

Stopped apparmor, but it doesn't help.

Any ideas to enable other directories?


Answer 1:


Problem solved. It was AppArmor. I learned that stopping the service does not stop the protection. In detail, there were some rules that don't allow the file extension .dump in unknown directories. The file extension .pcap is allowed in all places. Now I have disabled the control of tcpdump.

I see no reason to forbid *.dump, but to allow *.pcap. Who thinks up such rules?



Source: https://stackoverflow.com/questions/58900788/debian-buster-tcpdump-w-file-works-only-in-some-directories
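
Added example, not part of the original question or answer: a Python script that pulls AppArmor denials out of kernel audit lines and checks each denied path against an extension glob of the kind the answer describes. The log lines and the glob rule are constructed assumptions; compare them with your own kernel log and with the tcpdump profile installed on your system.

```python
import re
from collections import Counter

# Constructed kernel audit lines (not from the original post), in the
# key="value" record format AppArmor writes to the kernel log.
SAMPLE_LOG = '''\
audit: type=1400 audit(1574000000.101:41): apparmor="DENIED" operation="mknod" profile="/usr/sbin/tcpdump" name="/temp/a.dump" pid=2210 comm="tcpdump" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
audit: type=1400 audit(1574000003.552:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/tcpdump" pid=2290 comm="apparmor_parser"
audit: type=1400 audit(1574000009.870:43): apparmor="DENIED" operation="mknod" profile="/usr/sbin/tcpdump" name="/srv/cap/b.dump" pid=2301 comm="tcpdump" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
'''

# Assumed extension rule of the kind the answer describes; check it against
# the rules in the tcpdump profile on your own system.
ASSUMED_RULE = "/**.[pP][cC][aA][pP]"

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(log):
    """Return one dict per apparmor="DENIED" record, skipping other events."""
    records = []
    for line in log.splitlines():
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if rec.get("apparmor") == "DENIED":
            records.append(rec)
    return records

def glob_to_regex(glob):
    """Translate the subset of AppArmor globbing used here: ** * ? [...]."""
    parts = re.split(r'(\*\*|\*|\?|\[[^\]]+\])', glob)
    conv = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    rx = "".join(conv.get(p, p if p.startswith("[") else re.escape(p)) for p in parts)
    return re.compile(rx + r"\Z")

def explain(log, rule=ASSUMED_RULE):
    """Map each denied path to whether the assumed rule would allow it."""
    rx = glob_to_regex(rule)
    return {d["name"]: bool(rx.match(d["name"])) for d in parse_denials(log)}

def denials_by_profile(log):
    """Count denials per confining profile, to see which profile is blocking."""
    return Counter(d["profile"] for d in parse_denials(log))

if __name__ == "__main__":
    print(denials_by_profile(SAMPLE_LOG), explain(SAMPLE_LOG))
```

A denial that still names the tcpdump profile after the service was stopped shows the profile is still loaded in the kernel, which matches what the answer reports.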
