commit 1865e02e6c22ee55b0bb11b8c78330d4e65a1132
Author: Robert Frohl <rfrohl@suse.com>
Date:   Wed Jan 13 14:18:36 2021 +0100

    Warn if user can't access dumpcap.

Index: wireshark-4.0.0/capture/capture_sync.c
===================================================================
--- wireshark-4.0.0.orig/capture/capture_sync.c
+++ wireshark-4.0.0/capture/capture_sync.c
@@ -24,6 +24,10 @@
 #include <wsutil/wslog.h>
 #include <wsutil/ws_assert.h>
 
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <grp.h>
+
 #ifdef _WIN32
 #include <wsutil/unicode-utils.h>
 #include <wsutil/win32-utils.h>
@@ -738,11 +742,22 @@ sync_pipe_start(capture_options *capture
          * Child process - run dumpcap with the right arguments to make
          * it just capture with the specified capture parameters
          */
+        char * grp_warning = calloc(1, 256);
         dup2(sync_pipe[PIPE_WRITE], 2);
         ws_close(sync_pipe[PIPE_READ]);
         execv(argv[0], argv);
-        snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
-                   argv[0], g_strerror(errno));
+        if (errno == EPERM || errno == EACCES) {
+                struct stat statbuf;
+                struct group *grp;
+                if(stat("/usr/bin/dumpcap", &statbuf) == 0) {
+                        if ((grp = getgrgid(statbuf.st_gid)) != NULL) {
+                                snprintf(grp_warning , 256, "\nYou need to be a member of the '%s' group. Try running\n'usermod -a -G %s <YOUR_USERNAME>' as root.", grp->gr_name, grp->gr_name);
+                        }
+                }
+        }
+        snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+                argv[0], g_strerror(errno), grp_warning);
+        free(grp_warning);
         sync_pipe_errmsg_to_parent(2, errmsg, "");
 
         /* Exit with "_exit()", so that we don't close the connection
@@ -987,6 +1002,7 @@ sync_pipe_open_command(char* const argv[
          * Child process - run dumpcap with the right arguments to make
          * it just capture with the specified capture parameters
          */
+        char * grp_warning = calloc(1, 256);
         dup2(data_pipe[PIPE_WRITE], 1);
         ws_close(data_pipe[PIPE_READ]);
         ws_close(data_pipe[PIPE_WRITE]);
@@ -994,8 +1010,18 @@ sync_pipe_open_command(char* const argv[
         ws_close(sync_pipe[PIPE_READ]);
         ws_close(sync_pipe[PIPE_WRITE]);
         execv(argv[0], argv);
-        snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
-                   argv[0], g_strerror(errno));
+        if (errno == EPERM || errno == EACCES) {
+                struct stat statbuf;
+                struct group *grp;
+                if(stat("/usr/bin/dumpcap", &statbuf) == 0) {
+                        if ((grp = getgrgid(statbuf.st_gid)) != NULL) {
+                                snprintf(grp_warning , 256, "\nYou need to be a member of the '%s' group. Try running\n'usermod -a -G %s <YOUR_USERNAME>' as root.", grp->gr_name, grp->gr_name);
+                        }
+                }
+        }
+        snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+                   argv[0], g_strerror(errno), grp_warning);
+        free(grp_warning);
         sync_pipe_errmsg_to_parent(2, errmsg, "");
 
         /* Exit with "_exit()", so that we don't close the connection