Test Description - Automate execution of "tcpdump command to capture logs" through "Execute external command". User for that execution is a non root user.
Problem statement - In Test step, logging on the server is as a root user and creating the dumps. But we need to switch the user from root to a specific user before tcpdump command execution.
Solution tried so far - We tried with "su - username tcpdump xyz.log" (it shows the owner as root)
Can anyone suggest how to change the user in command line or any shell script for the same?
Regards, Akshay M. C-9892228993
The best way to do this is to have the tcpdump command added to the sudo configuration and set up so as to not require a password.
This can be done by adding a line to the end of the sudoers file (or a file in sudoers.d, depending on your distribution) that looks something like this
myUserID ALL = (root) NOPASSWD: /usr/sbin/tcpdump
You will need to adjust the username and path to tcpdump as appropriate. Note also that this needs to go AFTER any other rules that might apply to you, since it will be treated as an exception to the normal policy.
Once done, invoke tcpdump as
A note of caution - the sudo configuration files must be edited with visudo to prevent a whole world of misery, and only privileged users can change these files.
man 5 sudoers
Depending on your distribution, one or the other of these might help
Ubuntu Forums (Ubuntu and similar)
2.3. Configuring sudo Access (RH and similar)
Have you tried: su - username -c tcpdump xyz.log
Assuming you are wanting the contents of tcpdump into the xyz.log, I would suggest a redirect. Something like this:
$ su - user -c "path to command" >> /tmp/xyz.log
Hope this helps.
Thanks for the reply.
But here I am trying to execute "tcpdump xyz.pcap" command not redirect command.
When the user is "root" - LISA step executes tcpdump command and .pcap file is also getting created. But in our case, traffic will be captured only when user is "NonRoot".
So even though file is created, it won't capture any traffic as the user is "root".
Considering the above constraint, to automate my script I am considering following the steps below -
1. Change the user from "root" to "non root" user.
2. Execute tcpdump command to start the listener of traffic.
3. Execute the lisa test (that will generate traffic) - Ready
4. Kill tcpdump command.
Can anyone suggest an approach to execute the first step?
The su - user will switch root to user (and shouldn't require a password, since coming from root).
For the automation portion, will all these commands be inside of one script?
If so, I would recommend giving tcpdump a count, otherwise the script won't end until an admin kills the script.
# su - user -c "tcpdump -c 5" (or whatever iteration you want) <other options> >> /tmp/tcpdump.log
The hyphen c (-c) should run the command tcpdump as user
However, there might be an issue running the tcpdump command as a non root user, where root needs access to the network interfaces.
Above command worked for me. Now I am able to change the user at run time.
To change the ownership of the dump file afterwards, one should use the chown command
chown user:group dumpfile
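The four steps listed in the thread (switch user, start tcpdump, run the traffic-generating test, stop tcpdump) can be put in one root-run script; the following is an added example, not code from any poster. CAP_USER, TCPDUMP, SETTLE and the function names are assumptions, the account must already be able to capture on the interface, and stopping the capture relies on su passing SIGTERM on to its child, as util-linux su documents.

```shell
#!/bin/sh
# Added example (not from the thread). CAP_USER, TCPDUMP and SETTLE are
# assumed names; set them for your environment.
CAP_USER="${CAP_USER:-capuser}"            # hypothetical non-root account
TCPDUMP="${TCPDUMP:-/usr/sbin/tcpdump}"

# The string given to "su -c" is parsed by the target user's shell, so only
# plain path/interface characters are accepted and a leading "-" is refused.
safe_arg() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
}

# Build the command line; "exec" makes tcpdump replace the user's shell so
# the SIGTERM that su passes to its child lands on tcpdump itself.
capture_cmd() {   # $1 = pcap path, $2 = interface
    safe_arg "$1" && safe_arg "$2" && safe_arg "$TCPDUMP" || return 1
    printf 'exec %s -i %s -w %s' "$TCPDUMP" "$2" "$1"
}

# Step 1: root switches user without a password. Call only with "&": exec
# replaces the background subshell, so $! is the PID of su.
launch_as_user() { exec su - "$CAP_USER" -c "$1"; }

capture_around() {   # $1 = pcap path, $2 = interface, rest = traffic generator
    pcap=$1; iface=$2; shift 2
    cmd=$(capture_cmd "$pcap" "$iface") || return 2
    launch_as_user "$cmd" &                  # step 2: start the listener
    pid=$!
    sleep "${SETTLE:-1}"                     # crude wait for tcpdump to open the interface
    kill -0 "$pid" 2>/dev/null || return 3   # capture already exited: bad user or no access
    rc=0
    "$@" || rc=$?                            # step 3: run the test that generates traffic
    kill -TERM "$pid" 2>/dev/null || true    # step 4: stop the capture
    wait "$pid" 2>/dev/null || true
    return "$rc"
}
# Usage (hypothetical test script): capture_around /tmp/run1.pcap eth0 ./run_test.sh
```

Because tcpdump runs as CAP_USER from the start, the pcap is owned by that account, and the target directory must be writable by it.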