Getting tcpdump to run as non root

19. January 2012 23:43

 

Another short tutorial on how to get tcpdump to run as a non root user. However this is setup correctly so that root and only the permitted users can execute the file and run it. We would not want random people being able to run it stealing our traffic now.

 

You can enable this for non root users in a secure method by using the following commands

 

 

groupadd tcpdump
addgroup <username> tcpdump
chown root.tcpdump /usr/sbin/tcpdump
chmod 0750 tcpdump
setcap "CAP_NET_RAW+eip" /usr/sbin/tcpdump

 

 

As a breif explenation of the above.

  • We create a group called tcpdump. 
  • We then add the user or users that we want to be able to use tcpdump to the group.
  • We then change the user/group of tcpdump to match root and the new group.
  • We then make sure the permissions are set on tcpdump so that members of the group can execute it but other normal users cannot.
  • We then use setcap to give the CAP_NET_RAW priviledge to the executable when it runs. This is so that tcpdump can open its raw socket which is not normally permitted unless you are root.

 

E-mail Kick it! DZone it! del.icio.us Permalink