When the capture file is created, file is created with "600" permission. umask did not help.
Wireshark's done that since 1999; the commit to do that was
commit c31abd81fa1fa78b0ac19d0b1de3d492a016768c
Author: Gilbert Ramirez <[email protected]>
Date: Sat Jul 31 23:06:13 1999 +0000
chmod() the temporary capture file to 0600 so that only the user can
read the trace. We chmod() after pcap creates the file, but before it actually
writes data there. Thanks to Frederic Peters <[email protected]>,
the Debian maintainer of Ethereal, for pointing this out.
Is there an option to set to make it say 644 or some other file permission.
There is, but it's command-line only (-g); there's no such option for Wireshark.
- Capture file is created without any file extension, is there a setting to include the file extension(.pcapng).
No - if you give an explicit file name (which you have to do with a ring buffer), you have to give the extension explicitly, e.g. if you specify "hello.pcapng" in the Output pane of the Capture Options dialog, the files have names like hello_00001_20200226191351.pcapng.
Who are the owner and group of the capture files?
There is only one additional user created(UID: 501, GID: 20) and using that account to setup the wireshark captures.
I'm not a Mac guy. Look over these.
https://blog.wireshark.org/2010/02/ru...
https://wiki.wireshark.org/CaptureSet...
If changing dumpcap helps with permissions then we can look at the file extension problem.